Alexander Sosedkin <asosed...@redhat.com> writes: > Daniel P. Berrangé <berra...@redhat.com> wrote: > >> Perhaps a useful first step is to just modify the three main >> crypto libs (gnutls, openssl, and nss) to send a scary warnihg >> message to stderr/syslog any time they get use of SHA1 in a >> signature. Leave that active for a release cycle and see how >> many bug reports we get. > > I left my crystal ball at home today, > but I don't need it to say it'd be ~0 bugs filed if we log to syslog > and ~3 if we log to stderr/stdout, all named > "$CRYPTOLIB has no business messing up my stderr/stdout",
It's clear you want SHA-1 gone, but the way you've written this maybe isn't conveying what you wan, as it sounds like you're also unwilling to process the bugs that result requesting its removal. (If you, who want it gone, aren't willing to participate in that, why should maintainers care?) As I understood the proposal, it would be for the crypto lib to log a message like: [timestamp] /usr/bin/firefox used DEPRECATED SHA-1 invocation This is similar to what happened for /var/run: sure, it was annoying to basically everyone involved, but the bugs also went to the relevant packages. > which we'll promptly close by reverting the changes. I don't see why you'd do that instead of reassigning to the appropriate packages or (better) helping them migrate. Be well, --Robbie
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
