480791 – Use SHA-2 in repodata (both release and updates)

Bug 480791 - Use SHA-2 in repodata (both release and updates)

Summary: Use SHA-2 in repodata (both release and updates)

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	mash
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Bill Nottingham
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:	477029 477030
Blocks:	fedora-sha2 480814
TreeView+	depends on / blocked

Reported:	2009-01-20 16:15 UTC by Miloslav Trmač
Modified:	2014-03-17 03:17 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Clones:	480814 (view as bug list)
Environment:
Last Closed:	2009-03-25 16:03:14 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Miloslav Trmač 2009-01-20 16:15:48 UTC

Some weaknesses have been discovered in SHA-1, we should migrate to SHA-2 hashes used in repodata.  See https://fedoraproject.org/wiki/Features/StrongerHashes for more rationale and information.

Eventually this should be possible simply by passing "-s sha256" to createrepo.

Comment 1 Jesse Keating 2009-01-20 17:32:25 UTC

This is really a mash and pungi bug, as those are the tools being used to create the distribution.  assigning and cloning as such.

Comment 2 Bill Nottingham 2009-01-20 17:50:27 UTC

Well, without support in createrepo itself, there's very little the tools can do. I think it's best to just have the default set in createrepo, and then we don't need to modify every tool.b

Comment 3 Bill Nottingham 2009-03-24 20:12:06 UTC

What's the createrepo status here?

Comment 4 Miloslav Trmač 2009-03-25 08:56:41 UTC

sha256 is the default algorithm in createrepo >= 0.9.7.

Comment 5 Bill Nottingham 2009-03-25 16:03:14 UTC

OK, if it's the default where it's needed, then mash shouldn't need to change.

Note You need to log in before you can comment on or make changes to this bug.