On Tue, 11 Nov 2025 16:48:30 +0100, Petr Pavlu wrote:
> SHA-1 is considered deprecated and insecure due to vulnerabilities that can
> lead to hash collisions. Most distributions have already been using SHA-2
> for module signing because of this. The default was also changed last year
> from SHA-1 to SHA-512 in f3b93547b91a ("module: sign with sha512 instead of
> sha1 by default"). This was not reported to cause any issues. Therefore, it
> now seems to be a good time to remove SHA-1 support for module signing.
>
> [...]
Applied to modules-next, thanks!
[1/2] module: Remove SHA-1 support for module signing
commit: 148519a06304af4e6fbb82f20e1a4480e2c1b126
[2/2] sign-file: Use only the OpenSSL CMS API for signing
commit: d7afd65b4acc775df872af30948dd7c196587169
Best regards,
Sami
