Bug#659990: signing-party: [gpgparticipants] move away from SHA1

Luca Capello Wed, 15 Feb 2012 08:03:23 -0800

Package: signing-party
Version: 1.1.4-1
Severity: wishlist
File: /usr/bin/gpgparticipants
Tags: patch
Usertags: pca.it-communication


Hi there!

IMHO we should replace SHA1 with SHA256.  Here is the patch, which also
fixes the fact that algorithms are uppercase:

--8<---------------cut here---------------start------------->8---
--- /usr/bin/gpgparticipants    2011-11-01 20:01:39.000000000 +0100
+++ /home/luca/bin/gpgparticipants      2012-02-15 16:58:37.652492862 +0100
@@ -41,18 +41,21 @@
 
 Here's what you have to do with this file:
 (1) Print this file to paper.
-(2) Compute this file's MD5 checksum and optionally also its SHA1 checksum.
-   gpg --print-md md5  $output  (or use md5sum)
-   gpg --print-md sha1 $output  (or use sha1sum)
+(2) Compute this file's MD5 and SHA256 checksums.
+   gpg --print-md MD5    $output  (or use md5sum)
+   gpg --print-md SHA256 $output  (or use sha256sum)
 (3) Fill in the hash values on the printout.
 (4) Bring the printout, a pen, and proof of identity to the key signing party
     (and be on time!).
 
-MD5 Checksum:  __ __ __ __ __ __ __ __    __ __ __ __ __ __ __ __      [ ]
+MD5 Checksum:    __ __ __ __ __ __ __ __    __ __ __ __ __ __ __ __    [ ]
 
 
 
-SHA1 Checksum: ____ ____ ____ ____ ____    ____ ____ ____ ____ ____    [ ]
+SHA256 Checksum: ________ ________ ________ ________
+
+
+                 ________ ________ ________ ________                   [ ]
 
 
 
--8<---------------cut here---------------end--------------->8---

While the FOSDEM 2011 and 2012 Keysigning Parties replaced MD5 with
RMD160, I think that MD5 should stay there, given that it is (sort of)
ubiquitous and also because there is no rmd160sum utility on a default
Debian.

Thx, bye,
Gismo / Luca

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages signing-party depends on:
ii  gnupg                      1.4.11-3
ii  libc6                      2.13-24
ii  libclass-methodmaker-perl  2.18-1+b1
ii  libgnupg-interface-perl    0.45-1
ii  libmailtools-perl          2.08-1
ii  libmime-tools-perl         5.502-1
ii  libterm-readkey-perl       2.30-4+b2
ii  libtext-template-perl      1.45-2
ii  perl                       5.14.2-7
ii  qprint                     1.0.dfsg.2-2

Versions of packages signing-party recommends:
ii  libgd-gd2-noxpm-perl | libgd-gd2-perl  <none>
ii  libpaper-utils                         1.1.24+nmu1
ii  libtext-iconv-perl                     1.7-5
ii  postfix [mail-transport-agent]         2.8.5-1.1
ii  whiptail                               0.52.14-8

Versions of packages signing-party suggests:
ii  imagemagick                8:6.6.9.7-5+b2
ii  mutt                       1.5.21-5
ii  texlive-latex-recommended  2009-15
ii  wipe                       0.22-1

-- no debconf information

pgpobhOk1u8T8.pgp
Description: PGP signature

Bug#659990: signing-party: [gpgparticipants] move away from SHA1

Reply via email to