You are viewing a plain text version of this content. The canonical link for it is here.
Posted to infrastructure-issues@apache.org by "Sebb (JIRA)" <ji...@apache.org> on 2016/06/04 12:29:59 UTC
[jira] [Created] (INFRA-12041) id.apache.org should insist on full
fingerprints
Sebb created INFRA-12041:
----------------------------
Summary: id.apache.org should insist on full fingerprints
Key: INFRA-12041
URL: https://issues.apache.org/jira/browse/INFRA-12041
Project: Infrastructure
Issue Type: Improvement
Components: Selfserve
Reporter: Sebb
The id.apache.org service currently allows just about anything in the asf-pgpKeyFingerprint field.
Since 32-bit short keys have been shown to be non-unique, and spoofable [1], the service should only allow fingerprints.
[1] http://gwolf.org/node/4070
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)