On Wed, Oct 03, 2018 at 05:29:10PM +0100, Chris Lamb wrote:
> > Just mentioning, also dpkg-buildpackage itself followed this route with
> > the latest 1.19.1.
>
> A quick glance at the (huge!) changelog for this upload is not finding
> the relevant portion. Can you help?
* Make
Hi Mattia,
> I'm CCing with this email also lamby and guillem (whom I invite to read
> the original bug report) as they may have further insight, having had
> some stake in introducing the now disputed change.
I believe my thoughts on this issue are already somewhat recorded on the
original
On Fri, Sep 28, 2018 at 05:28:07PM -0700, Steve Langasek wrote:
> I
> memorize short IDs, and I use them, safely, with debsign -k when sponsoring
> uploads.
May I ask, without any pretense of foreknowing or arrogance, just how
many private keys you deal with and with how many different keys you
Hi Steve--
On Fri 2018-09-28 17:28:07 -0700, Steve Langasek wrote:
> $ debsign -k01aa4a64 [...].changes
> Refusing to sign with short key ID '01aa4a64'!
> $ echo $?
> 1
> $
>
> Seriously?
Yep, seriously. Please specify the key you want to use unambiguously.
> What kind of collision attack
Package: devscripts
Version: 2.18.2
$ debsign -k01aa4a64 [...].changes
Refusing to sign with short key ID '01aa4a64'!
$ echo $?
1
$
Seriously?
[ Chris Lamb ]
* debsign:
+ To prevent collision attacks, refuse to sign with short key IDs (eg.
0xCAFEBABE) and warn when not using full
5 matches
Mail list logo