> you are using a 1024 bit key for signing GLPK distribution tar balls.
>
> 1024 bit is no longer considered safe. Cf.
> http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
>
> Furthermore you are using SHA-1 for signing.
> SHA1 is also regarded as unsafe.

AFAIK, many other GNU packages use a similar signature. See for example, ftp://ftp.gnu.org/gnu/gcc/gcc-6.3.0/ .

_______________________________________________
Help-glpk mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-glpk
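
As an added example (not part of either message, and not GLPK or GNU project code): the digest and public-key algorithm discussed in this thread can be read directly from a binary detached `.sig` file, following the packet layout in RFC 4880. The sample bytes are constructed for illustration and are not a real signature; the key length is not stored in the signature packet and has to be read from the signer's public key.

```python
# Added example: algorithm IDs from a binary OpenPGP signature packet (RFC 4880).
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
          9: "SHA384", 10: "SHA512", 11: "SHA224"}
PUBKEYS = {1: "RSA", 3: "RSA (sign-only)", 17: "DSA", 19: "ECDSA", 22: "EdDSA"}
WEAK_HASHES = {"MD5", "SHA1"}
# Constructed sample packets (header fields only, no signature MPIs); not real signatures.
SAMPLE_SHA1 = bytes.fromhex("880a0400010200000000abcd")    # old-format header
SAMPLE_SHA256 = bytes.fromhex("c20a0400010800000000abcd")  # new-format header

def read_packet(data):
    """Return (tag, body) of the first OpenPGP packet in data."""
    if not data or not data[0] & 0x80:
        raise ValueError("not a binary OpenPGP packet (ASCII-armored input?)")
    first = data[0]
    if first & 0x40:                      # new-format header
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:
            start, length = 2, l0
        elif l0 < 224:
            start, length = 3, ((l0 - 192) << 8) + data[2] + 192
        elif l0 == 255:
            start, length = 6, int.from_bytes(data[2:6], "big")
        else:
            raise ValueError("partial body lengths are not handled")
    else:                                 # old-format header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled")
        start = 1 + (1 << ltype)          # 1-, 2- or 4-byte length field
        length = int.from_bytes(data[1:start], "big")
    body = data[start:start + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def signature_algorithms(data):
    """Report the public-key and digest algorithm of a detached signature."""
    tag, body = read_packet(data)
    if tag != 2:
        raise ValueError(f"packet tag {tag} is not a signature packet")
    if body[:1] == b"\x04" and len(body) >= 4:      # v4: version, type, pk, hash
        pk_id, hash_id = body[2], body[3]
    elif body[:1] == b"\x03" and len(body) >= 17:   # v3: after time and key ID
        pk_id, hash_id = body[15], body[16]
    else:
        raise ValueError("unsupported or truncated signature packet")
    digest = HASHES.get(hash_id, f"unknown({hash_id})")
    return {"pubkey": PUBKEYS.get(pk_id, f"unknown({pk_id})"),
            "hash": digest, "weak_hash": digest in WEAK_HASHES}
```

For a real release, pass the bytes of the downloaded binary `.sig` file to `signature_algorithms()`; an ASCII-armored `.asc` file has to be dearmored first.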
