[Pkg-rust-maintainers] Bug#1103016: incompatibility with gpg causing FTBFS
René Engelhard
rene at rene-engelhard.de
Mon Apr 14 12:53:16 BST 2025
Hi,
Am 14. April 2025 13:43:20 MESZ schrieb Justus Winter <justus at sequoia-pgp.org>:
>René Engelhard <rene at rene-engelhard.de> writes:
>
>> If you divert /usr/bin/gpg, IMHO you need to behave like gpg.
>
>gpg doesn't behave like gpg. Just look at all the version-specific
>hacks in GPGME if you don't take my word for it. (...)
I believe you...
>> This includes accepting what gpg accepts.
>
>What gpg accepts is unacceptable. Just to provide some context, here is
>the second paragraph of https://en.wikipedia.org/wiki/SHA-1
>
> Since 2005, SHA-1 has not been considered secure against well-funded
> opponents;[11]
I know...
It's still only test keys to test whether signing/verify works, not real world keys.
But yeah, they need to be updated, will propose upstream. It's definitely too late for Trixie though, will try to get it upstream for forky.
Regards
René
More information about the Pkg-rust-maintainers
mailing list