You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Oleg Gusakov (JIRA)" <ji...@codehaus.org> on 2009/05/06 22:53:44 UTC
[jira] Commented: (MERCURY-128) replace SHA-1 with SHA-512 in the
PGP signature generation
[ http://jira.codehaus.org/browse/MERCURY-128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=175321#action_175321 ]
Oleg Gusakov commented on MERCURY-128:
--------------------------------------
Works fine - old signatures seem to be OK
> replace SHA-1 with SHA-512 in the PGP signature generation
> ----------------------------------------------------------
>
> Key: MERCURY-128
> URL: http://jira.codehaus.org/browse/MERCURY-128
> Project: Mercury
> Issue Type: Improvement
> Reporter: Oleg Gusakov
> Assignee: Oleg Gusakov
>
> Due to the recent break troughs - http://www.debian-administration.org/users/dkg/weblog/48 - SHA-1 should not be considered safe.
> * replace with SHA-512
> * check if it breaks compatibility with existing signatures
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira