You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Oleg Gusakov (JIRA)" <ji...@codehaus.org> on 2009/05/06 22:53:45 UTC
[jira] Issue Comment Edited: (MERCURY-128) replace SHA-1 with
SHA-512 in the PGP signature generation
[ http://jira.codehaus.org/browse/MERCURY-128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=175321#action_175321 ]
Oleg Gusakov edited comment on MERCURY-128 at 5/6/09 3:52 PM:
--------------------------------------------------------------
Works fine - existing signatures seem to be OK
was (Author: olle):
Works fine - old signatures seem to be OK
> replace SHA-1 with SHA-512 in the PGP signature generation
> ----------------------------------------------------------
>
> Key: MERCURY-128
> URL: http://jira.codehaus.org/browse/MERCURY-128
> Project: Mercury
> Issue Type: Improvement
> Reporter: Oleg Gusakov
> Assignee: Oleg Gusakov
>
> Due to the recent break troughs - http://www.debian-administration.org/users/dkg/weblog/48 - SHA-1 should not be considered safe.
> * replace with SHA-512
> * check if it breaks compatibility with existing signatures
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira