You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Oleg Gusakov (JIRA)" <ji...@codehaus.org> on 2009/05/06 22:37:44 UTC

[jira] Created: (MERCURY-128) replace SHA-1 with SHA-512 in the PGP signature generation

replace SHA-1 with SHA-512 in the PGP signature generation
----------------------------------------------------------

                 Key: MERCURY-128
                 URL: http://jira.codehaus.org/browse/MERCURY-128
             Project: Mercury
          Issue Type: Improvement
            Reporter: Oleg Gusakov
            Assignee: Oleg Gusakov


Due to the recent break troughs - http://www.debian-administration.org/users/dkg/weblog/48 - SHA-1 should not be considered safe.

* replace with SHA-512
* check if it breaks compatibility with existing signatures

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Issue Comment Edited: (MERCURY-128) replace SHA-1 with SHA-512 in the PGP signature generation

Posted by "Oleg Gusakov (JIRA)" <ji...@codehaus.org>.

    [ http://jira.codehaus.org/browse/MERCURY-128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=175321#action_175321 ] 

Oleg Gusakov edited comment on MERCURY-128 at 5/6/09 3:52 PM:
--------------------------------------------------------------

Works fine - existing signatures seem to be OK

      was (Author: olle):
    Works fine - old signatures seem to be OK
  
> replace SHA-1 with SHA-512 in the PGP signature generation
> ----------------------------------------------------------
>
>                 Key: MERCURY-128
>                 URL: http://jira.codehaus.org/browse/MERCURY-128
>             Project: Mercury
>          Issue Type: Improvement
>            Reporter: Oleg Gusakov
>            Assignee: Oleg Gusakov
>
> Due to the recent break troughs - http://www.debian-administration.org/users/dkg/weblog/48 - SHA-1 should not be considered safe.
> * replace with SHA-512
> * check if it breaks compatibility with existing signatures

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Commented: (MERCURY-128) replace SHA-1 with SHA-512 in the PGP signature generation

Posted by "Oleg Gusakov (JIRA)" <ji...@codehaus.org>.

    [ http://jira.codehaus.org/browse/MERCURY-128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=175321#action_175321 ] 

Oleg Gusakov commented on MERCURY-128:
--------------------------------------

Works fine - old signatures seem to be OK

> replace SHA-1 with SHA-512 in the PGP signature generation
> ----------------------------------------------------------
>
>                 Key: MERCURY-128
>                 URL: http://jira.codehaus.org/browse/MERCURY-128
>             Project: Mercury
>          Issue Type: Improvement
>            Reporter: Oleg Gusakov
>            Assignee: Oleg Gusakov
>
> Due to the recent break troughs - http://www.debian-administration.org/users/dkg/weblog/48 - SHA-1 should not be considered safe.
> * replace with SHA-512
> * check if it breaks compatibility with existing signatures

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Closed: (MERCURY-128) replace SHA-1 with SHA-512 in the PGP signature generation

Posted by "Oleg Gusakov (JIRA)" <ji...@codehaus.org>.

     [ http://jira.codehaus.org/browse/MERCURY-128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Gusakov closed MERCURY-128.
--------------------------------

    Resolution: Fixed

Done

> replace SHA-1 with SHA-512 in the PGP signature generation
> ----------------------------------------------------------
>
>                 Key: MERCURY-128
>                 URL: http://jira.codehaus.org/browse/MERCURY-128
>             Project: Mercury
>          Issue Type: Improvement
>            Reporter: Oleg Gusakov
>            Assignee: Oleg Gusakov
>
> Due to the recent break troughs - http://www.debian-administration.org/users/dkg/weblog/48 - SHA-1 should not be considered safe.
> * replace with SHA-512
> * check if it breaks compatibility with existing signatures

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira