Package: gnupg
Version: 1.2.5-3
Severity: grave
Justification: user security hole

Hi,

As Bruce Schneier reports at http://www.schneier.com/blog/ the SHA-1 algorithm seems broken. GnuPG should be changed to give strong warnings whenever SHA-1 is used, and maybe disable the usage of SHA-1 for new signatures altogether.

Thanks,
Markus

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-as3-madwifi-fire
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages gnupg depends on:
ii  libbz2-1.0   1.0.2-1         A high-quality block-sorting file
ii  libc6        2.3.2.ds1-20    GNU C Library: Shared libraries an
ii  libldap2     2.1.30-3        OpenLDAP libraries
ii  makedev      2.3.1-75        Creates device files in /dev
ii  zlib1g       1:1.2.2-3       compression library - runtime

-- no debconf information