Bug#983069: lintian: please check that upstream signature is made with a modern hash (warn or error on MD5, SHA1, or RIPEMD160)

On Fri 2021-02-26 04:48:50 -0800, Felix Lechner wrote: > That's a great idea! As a first step, I would like to show a > classification tag with the hash algorithm. (It could be used for > statistics.) Can 'gpgv' output such signature characteristics? sure, we have several different tools (like pgp

Bug#983069: lintian: please check that upstream signature is made with a modern hash (warn or error on MD5, SHA1, or RIPEMD160)

Hi dkg, On Thu, Feb 18, 2021 at 2:57 PM Daniel Kahn Gillmor wrote: > > uses a weak cryptographic digest algorithm. That's a great idea! As a first step, I would like to show a classification tag with the hash algorithm. (It could be used for statistics.) Can 'gpgv' output such signature characte

Bug#983069: lintian: please check that upstream signature is made with a modern hash (warn or error on MD5, SHA1, or RIPEMD160)

Package: lintian Version: 2.104.0 Control: clone -1 -2 Control: reassign -2 devscripts Control: retitle -2 [uscan] deprecate upstream signatures made using weak hashes like MD5, SHA1, or RIPEMD160 Some upstream packages are signed with OpenPGP using old, deprecated digest algorithms. See for exa