Debian crypto strength

Daniel Pocock daniel at pocock.com.au
Thu Jun 27 11:24:52 CEST 2013


Some of the discussion in this bug seems relevant to the GnuPG and
GnuPG2 packages in Debian, but the bug is against the archive
pseudo-package:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612657

Can anybody else make any comments:

a) should there be more effort to phase out SHA1?

b) how is it being approached upstream?  Is backwards-compatibility
still emphasized to the same extent?

c) should this become a general system-wide goal to audit and increase
crypto-strength in all parts of jessie / future Debian versions?





More information about the Gnupg-users mailing list