You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@whimsical.apache.org by Matt Sicker <bo...@gmail.com> on 2020/01/07 18:09:43 UTC

SHA-1 security issues, GPG update mitigation

https://sha-mbles.github.io/

Simply put, SHA-1 is about as insecure as MD5. GPG 2.2.18 contains a
fix for this to ignore SHA-1-based identity signatures for keys
created after 19 Jan 2019.

I'm not sure if we have a link to documentation for users about proper
use of GPG/PGP, though it might be handy to mention minimum key sizes
if we do.

-- 
Matt Sicker <bo...@gmail.com>