We need to come up with a plan how to deal with obsoleted crypto in rpm. MD5 is
practically gone long since and SHA1 is on its way out too, to the point that
it's not necessarily even possible to calculate these algorithms anymore (eg
MD5 on FIPS mode). Yet we still carry them in various more-or-less prominent
and permanent places such as the MD5 header+payload digest, database indexes
(RPMDBI_SIGMD5 and RPMDBI_SHA1HEADER), MD5 aliasing for pkgid, and SHA1
aliasing for hdrid, and so on.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1292
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
