On Sat, Nov 06, 2021 at 07:43:02AM -0000, Daniel Alley wrote:
> Another issue - which is not per-se a security issue but it's still a problem
> - is that deltarpm uses md5 checksums pervasively. They're everywhere. And
> it uses its own implementation of md5 which doesn't respect FIPS, so even
> when the user has *explicitly* configured their system to not use md5 for
> anything security-relevant, libdeltarpm won't know or care.
They are used as a consistency check, it might as well use crc32.
So I don't see why FIPS is a concern for you.
Cheers,
Michael.
--
Michael Schroeder SUSE Software Solutions Germany GmbH
m...@suse.de GF: Felix Imendoerffer HRB 36809, AG Nuernberg
main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);}
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
