fedpkg won't work in fips mode because it checks the file download cheksums in the sources file using md5. md5 is weak, and we should not trust it to verify network obtained files. It would be good if we can migrate away from md5 in the sources file to sha1 or sha256. As this migration will probably take a while, due to packagers needing to update their sources files, it should start sooner rather then later.
Is there any workaround for this bug?
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle. Changing version to '19'. (As we did not run this process for some time, it could affect also pre-Fedora 19 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.) More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
lookaside cache needs md5. right now it is absolutely required. we need to convert the whole lookaside cache to sha356sum to move off of needing md5
This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle. Changing version to '23'. (As we did not run this process for some time, it could affect also pre-Fedora 23 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.) More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23
This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle. Changing version to '24'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase
Is sha512sum okay?
As of Dec 12 and fedpkg-1.26 newly uploaded sources will use SHA512. https://fedoraproject.org/wiki/ReleaseEngineering/FlagDay2016
awesome! Thanks!