On Aug 3, 2009, at 8:46 PM, Simon Paillard wrote: > Hi, > > Following Debconf, you are certainly about to use caff and sign/sent > keys (or you already did it). > > Just this mail to make the Bdale notice[0] more visible: caff uses > SHA1 by > default[1], even with correctly configured gnupg as per Ana's post[2]. > That's a shame since the point of these 4k keys is to use stronger > digests. > > To fix it for future keys: > ln -s ~/.gnupg/gpg.conf ~/.caff/gnupghome/gpg.conf > > To fix key XXXXXXXX signed using SHA-1 : > gpg --homedir=/home/uid/.caff/gnupghome --secret-keyring /home/ > uid/.gnupg/secring.gpg > --no-auto-check-trustdb --trust-model=always --edit-key XXXXXXXX > caff --no-download XXXXXXXX > > [0] http://www.gag.com/bdale/blog/posts/Strong_Keys.html > [1] http://bugs.debian.org/527944 > [2] http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/
Yes, also have this message in consideration when using caff, courtesy of dkg: http://lists.vireo.org/pipermail/debiannyc/2009-May/000292.html _______________________________________________ Debconf-discuss mailing list Debconf-discuss@lists.debconf.org http://lists.debconf.org/mailman/listinfo/debconf-discuss
