Control: severity 679765 important Control: retitle 679765 puppet ca uses weak cryptographic hashing algorithm
After some deliberations, I've decided to set the severity of this bug to "important". It does not by itself, and not with any small amount of work, fill the requirements for "grave" or "serious". I'll keep the "security" tag, since that's still relevant. Stronger cryptography (configurable, stronger hashing algorithms) is scheduled for the puppet 3.x release. This version is expected to be the version of puppet in jessie (and wheezy-backports). According to the upstream issue, this change breaks master-node compatilibity between versions with and without this functionality. This makes the change not suitable for patching or backporting at this stage. -- Stig Sandbeck Mathisen
pgpou4IocYqIs.pgp
Description: PGP signature