On 2016-09-27 23:21, Han Yuwei wrote: > 在 2016年9月27日星期二 UTC+8下午8:33:28,Gervase Markham写道: >> On 27/09/16 13:13, [email protected] wrote: >>> We must use Windows XP becuase some programs can only run on XP. We >>> have no money to get new programs and new Windows. Do you give $$$¥¥¥ >>> to me??? You don't right? So please understand why we use XP. >> >> Windows XP SP3 supports SHA-256. And of course, you always have the >> option of Linux, which is a free modern operating system. >> >> Gerv > > There are a lot of software whose company is already down running at > factoies, critical public infrastructures even hospital. We can't take the > risk to upgrade the operating system. But I am not supporting continous using > of SHA1 certificates. Maybe you can understand this. :)
*Not* upgrading the operating system is a security risk. If you need to interact with certificates, your computer is networked. If your computer is networked, you absolutely cannot afford *not* to keep it up to date and using a supported operating system. Anything else is asking to get compromised, and then certificates are going to be the least of your worries. The "install it once and don't touch it" mentality stops working the moment there's an Ethernet port with a cable connected to it. I would hope networked equipment at critical public infrastructure like a hospital is using a supported, updated operating system and software. -- Hector Martin "marcan" ([email protected]) Public Key: https://mrcn.st/pub _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
