You are viewing a plain text version of this content. The canonical link for it is here.
Posted to infrastructure-issues@apache.org by "Sebb (JIRA)" <ji...@apache.org> on 2016/06/04 12:36:59 UTC
[jira] [Created] (INFRA-12042) home.apache.org key file generator
should only use full fingerprints
Sebb created INFRA-12042:
----------------------------
Summary: home.apache.org key file generator should only use full fingerprints
Key: INFRA-12042
URL: https://issues.apache.org/jira/browse/INFRA-12042
Project: Infrastructure
Issue Type: Improvement
Components: Website
Environment: http://home.apache.org/keys/committer/
Reporter: Sebb
The committer keys files are generated from LDAP, and currently accept both short key ids and full fingerprints.
Since 32-bit short keys have been shown to be non-unique, and spoofable [1], the extraction process should only use fingerprints for generating the committer keys files.
[1] http://gwolf.org/node/4070
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)