You are viewing a plain text version of this content. The canonical link for it is here.

Posted to infrastructure-issues@apache.org by "Sebb (JIRA)" <ji...@apache.org> on 2016/06/04 12:36:59 UTC

[jira] [Created] (INFRA-12042) home.apache.org key file generator should only use full fingerprints

Sebb created INFRA-12042:
----------------------------

             Summary: home.apache.org key file generator should only use full fingerprints
                 Key: INFRA-12042
                 URL: https://issues.apache.org/jira/browse/INFRA-12042
             Project: Infrastructure
          Issue Type: Improvement
          Components: Website
         Environment: http://home.apache.org/keys/committer/
            Reporter: Sebb


The committer keys files are generated from LDAP, and currently accept both short key ids and full fingerprints.

Since 32-bit short keys have been shown to be non-unique, and spoofable [1], the extraction process should only use fingerprints for generating the committer keys files.

[1] http://gwolf.org/node/4070




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)