Re: crypto-policies

2023-03-27 Thread Neal H. Walfield
Hi Zbyszek, Thanks for the clarifications. Neal On Mon, 27 Mar 2023 14:32:58 +0200, Zbigniew Jędrzejewski-Szmek wrote: > On Mon, Mar 27, 2023 at 01:29:38PM +0200, Neal H. Walfield wrote: > > On Mon, 27 Mar 2023 13:16:45 +0200, > > Zbigniew Jędrzejewski-Szmek wrote: > > > I agree. The scope of th

Re: crypto-policies

2023-03-27 Thread Zbigniew Jędrzejewski-Szmek
On Mon, Mar 27, 2023 at 01:29:38PM +0200, Neal H. Walfield wrote: > On Mon, 27 Mar 2023 13:16:45 +0200, > Zbigniew Jędrzejewski-Szmek wrote: > > I agree. The scope of the issue is fairly narrow, and the underlying > > issue is an invalid signature made by the anydesk maintainers. > > We also have a

Re: crypto-policies

2023-03-27 Thread Neal H. Walfield
On Mon, 27 Mar 2023 13:16:45 +0200, Zbigniew Jędrzejewski-Szmek wrote: > I agree. The scope of the issue is fairly narrow, and the underlying > issue is an invalid signature made by the anydesk maintainers. > We also have a simple command that users can use to work around > the issue. If you are t

Re: crypto-policies

2023-03-27 Thread Zbigniew Jędrzejewski-Szmek
On Mon, Mar 27, 2023 at 11:40:05AM +0200, Fabio Valentini wrote: > On Mon, Mar 27, 2023 at 11:23 AM Kamil Paral wrote: > > > > On Sat, Mar 25, 2023 at 8:20 AM Neal H. Walfield wrote: > >> > >> Panu wrote https://bugzilla.redhat.com/show_bug.cgi?id=2170878#c126 : > >> > >> > To me the key points h

Re: crypto-policies

2023-03-27 Thread Panu Matilainen
On 3/27/23 12:40, Fabio Valentini wrote: On Mon, Mar 27, 2023 at 11:23 AM Kamil Paral wrote: On Sat, Mar 25, 2023 at 8:20 AM Neal H. Walfield wrote: Panu wrote https://bugzilla.redhat.com/show_bug.cgi?id=2170878#c126 : To me the key points here are 1) there's a lot of obsolete/broken cryp

Re: crypto-policies

2023-03-27 Thread Fabio Valentini
On Mon, Mar 27, 2023 at 11:23 AM Kamil Paral wrote: > > On Sat, Mar 25, 2023 at 8:20 AM Neal H. Walfield wrote: >> >> Panu wrote https://bugzilla.redhat.com/show_bug.cgi?id=2170878#c126 : >> >> > To me the key points here are >> > 1) there's a lot of obsolete/broken crypto out there >> > 2) we ne

Re: crypto-policies

2023-03-27 Thread Kamil Paral
On Sat, Mar 25, 2023 at 8:20 AM Neal H. Walfield wrote: > Panu wrote https://bugzilla.redhat.com/show_bug.cgi?id=2170878#c126 : > > > To me the key points here are > > 1) there's a lot of obsolete/broken crypto out there > > 2) we need better error messages > > > > Properly dealing with 2) needs

crypto-policies

2023-03-25 Thread Neal H. Walfield
Hi Ben, Thanks for working on this. On Fri, 24 Mar 2023 19:25:46 +0100, Ben Cotton wrote: > Accepted blockers > - > > 1. crypto-policies ― Insecure installed RPMs (like Google Chrome) > prevent system updates in F38, can't be removed ― ASSIGNED > ACTION:

Re: crypto-policies and a certain usage of SHA-1

2021-10-18 Thread Simo Sorce
On Fri, 2021-10-15 at 10:33 -0500, Michael Catanzaro wrote: > On Fri, Oct 15 2021 at 10:10:38 AM +0200, Björn Persson > wrote: > > My question is: Is it true that this usage of SHA-1 makes the TLS > > session weak, so that it's correct to forbid it in the crypto policy? > > Hm, I think Fedora's

Re: crypto-policies and a certain usage of SHA-1

2021-10-16 Thread Björn Persson
Michael Catanzaro wrote: > SHA-1 is blocked in certificate signatures because those can be > attacked offline. Signatures in the TLS handshake are entirely > different. I'm hardly an expert, but I think the attacker only has a > few seconds to generate a hash collision before the user gives up a

Re: crypto-policies and a certain usage of SHA-1

2021-10-15 Thread Michael Catanzaro
On Fri, Oct 15 2021 at 10:10:38 AM +0200, Björn Persson wrote: My question is: Is it true that this usage of SHA-1 makes the TLS session weak, so that it's correct to forbid it in the crypto policy? Hm, I think Fedora's crypto policy should not be stricter than upstream Firefox. This should p

crypto-policies and a certain usage of SHA-1

2021-10-15 Thread Björn Persson
Hello, I have a question for someone with deep knowledge about cryptology. The question regards Fedora's crypto policies and a certain usage of SHA-1 in TLS. I encountered a web server that Seamonkey and Firefox refuse to talk to. Both give me the error SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGO

[Bug 1851243] perl-Test-Fake-HTTPD: FTBFS with crypto-policies-20200625-1.gitb298a9e.fc33

2020-06-26 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1851243 Petr Pisar changed: What|Removed |Added Status|NEW |ASSIGNED Assignee|de...@fateyev.

Re: Rawhide broken: crypto-policies

2020-05-29 Thread Jerry James
On Fri, May 29, 2020 at 10:25 AM Igor Raits wrote: > This is fixed now. > > https://bugzilla.redhat.com/show_bug.cgi?id=1841851 Thank you for the quick response. -- Jerry James http://www.jamezone.org/

Re: Rawhide broken: crypto-policies

2020-05-29 Thread Igor Raits
unning transaction test > Transaction test succeeded. > Running transaction > error: lua script failed: [string > "%prein(crypto-policies-20200527-3.gitb234a47.fc33.noarch)"]:19: > attempt to call a nil value > > Error in PREIN scriptlet in rpm package crypto-polici

Re: Rawhide broken: crypto-policies

2020-05-29 Thread Miro Hrončok
failed: [string "%prein(crypto-policies-20200527-3.gitb234a47.fc33.noarch)"]:19: attempt to call a nil value Error in PREIN scriptlet in rpm package crypto-policies error: crypto-policies-20200527-3.gitb234a47.fc33.noarch: install failed https://bugzilla.redhat.com/show_bug.cgi?id=1841851

Rawhide broken: crypto-policies

2020-05-29 Thread Jerry James
Trying to build a package just now failed (https://koji.fedoraproject.org/koji/taskinfo?taskID=45145531): Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction error: lua script failed: [string "%prein(crypto-pol

Re: F31 Self-Contained Change proposal: Custom Crypto Policies

2019-06-19 Thread Tomas Mraz
On Wed, 2019-06-19 at 12:38 +0200, Vít Ondruch wrote: > Dne 18. 06. 19 v 21:50 Ben Cotton napsal(a): > > == How To Test == > > > > This will be tested as part of the upstream crypto-policies > > testsuite. > > I think this section should describe, how I, as a F

Re: F31 Self-Contained Change proposal: Custom Crypto Policies

2019-06-19 Thread Tomas Mraz
i/Changes/CustomCryptoPolicies > > > > > > > > == Summary == > > > > This new feature of crypto-policies allows system > > > > administrators > > > > and > > > > third party providers to modify and adjust the existing system- > >

Re: F31 Self-Contained Change proposal: Custom Crypto Policies

2019-06-19 Thread Vít Ondruch
Dne 19. 06. 19 v 12:00 Tomas Mraz napsal(a): > On Wed, 2019-06-19 at 10:19 +0200, Vít Ondruch wrote: >> Dne 18. 06. 19 v 21:50 Ben Cotton napsal(a): >>> https://fedoraproject.org/wiki/Changes/CustomCryptoPolicies >>> >>> == Summary == >>> This

Re: F31 Self-Contained Change proposal: Custom Crypto Policies

2019-06-19 Thread Vít Ondruch
Dne 18. 06. 19 v 21:50 Ben Cotton napsal(a): > == How To Test == > > This will be tested as part of the upstream crypto-policies testsuite. I think this section should describe, how I, as a Fedora user, am supposed to test this. E.g. 1) Get this test package 2) Modify this file 3)

Re: F31 Self-Contained Change proposal: Custom Crypto Policies

2019-06-19 Thread Tomas Mraz
On Wed, 2019-06-19 at 10:19 +0200, Vít Ondruch wrote: > Dne 18. 06. 19 v 21:50 Ben Cotton napsal(a): > > https://fedoraproject.org/wiki/Changes/CustomCryptoPolicies > > > > == Summary == > > This new feature of crypto-policies allows system administrators > >

Re: F31 Self-Contained Change proposal: Custom Crypto Policies

2019-06-19 Thread Vít Ondruch
Dne 18. 06. 19 v 21:50 Ben Cotton napsal(a): > https://fedoraproject.org/wiki/Changes/CustomCryptoPolicies > > == Summary == > This new feature of crypto-policies allows system administrators and > third party providers to modify and adjust the existing system-wide > crypto pol

F31 Self-Contained Change proposal: Custom Crypto Policies

2019-06-18 Thread Ben Cotton
https://fedoraproject.org/wiki/Changes/CustomCryptoPolicies == Summary == This new feature of crypto-policies allows system administrators and third party providers to modify and adjust the existing system-wide crypto policies to enable or disable algorithms and protocols. == Owner == * Name

Re: crypto-policies not very useful, FUTURE too strict?

2016-12-19 Thread Nikos Mavrogiannopoulos
consolidated way to select > > > system- > > > wide crypto > > > policy. It's great, but granularity of selection is little > > > lacking.  > > > We have > > > basically two sensible choices: > > > - DEFAULT, which is, well, default

Re: crypto-policies not very useful, FUTURE too strict?

2016-12-19 Thread Nikos Mavrogiannopoulos
On Mon, 2016-12-19 at 09:35 +0100, Nikos Mavrogiannopoulos wrote: $ update-crypto-policies --set FUTURE Setting system policy to FUTURE $ wget https://github.com Resolving github.com (github.com)... 192.30.253.112,  192.30.253.113    github.com

Re: crypto-policies not very useful, FUTURE too strict?

2016-12-19 Thread Tomasz Torcz
but granularity of selection is little lacking. > > We have > > basically two sensible choices: > > - DEFAULT, which is, well, default > > That is one of the main goals of crypto policies. To set a sensible > default across the system applications, irrespective of which bac

Re: crypto-policies not very useful, FUTURE too strict?

2016-12-19 Thread Nikos Mavrogiannopoulos
> - DEFAULT, which is, well, default That is one of the main goals of crypto policies. To set a sensible default across the system applications, irrespective of which back-end library it uses. It should not be underestimated, as even now we are not there yet, especially with the applications de

Re: crypto-policies not very useful, FUTURE too strict?

2016-12-17 Thread Scott Schmit
On Sat, Dec 17, 2016 at 01:07:52PM -0500, Scott Schmit wrote: > On Sat, Dec 17, 2016 at 06:05:49PM +0100, Nicolas Chauvet wrote: > > Maybe we need to rename FUTURE by QUITE_SOON instead, because the > > error you have pointed is about sha-1 being deprecated: > > > > According to this blog, chrome w

Re: crypto-policies not very useful, FUTURE too strict?

2016-12-17 Thread Scott Schmit
On Sat, Dec 17, 2016 at 06:05:49PM +0100, Nicolas Chauvet wrote: > Maybe we need to rename FUTURE by QUITE_SOON instead, because the > error you have pointed is about sha-1 being deprecated: > > According to this blog, chrome will remove support for sha-1 > certificates on 1 January 2017 (it's an o

Re: crypto-policies not very useful, FUTURE too strict?

2016-12-17 Thread Tom Hughes
On 17/12/16 17:05, Nicolas Chauvet wrote: Maybe we need to rename FUTURE by QUITE_SOON instead, because the error you have pointed is about sha-1 being deprecated: According to this blog, chrome will remove support for sha-1 certificates on 1 January 2017 (it's an old post, so I don't know if it

Re: crypto-policies not very useful, FUTURE too strict?

2016-12-17 Thread Nicolas Chauvet
He switches to FUTURE and now GitHub doesn't > work: > > $ update-crypto-policies --set FUTURE > Setting system policy to FUTURE > > $ wget https://github.com > Resolving github.com (github.com)... 192.30.253.112, 192.30.253.113 >

crypto-policies not very useful, FUTURE too strict?

2016-12-17 Thread Tomasz Torcz
ts to change the policy, (s)he will have to switch to FUTURE So let's imagine Joe Sysadmins who in the face of LogJam and other vulnerabilities, wants to tighten security a bit. He switches to FUTURE and now GitHub doesn't work: $ update-crypto-policies --set FUTURE Setting system p

Re: enhancing crypto policies for other languages than C

2014-10-17 Thread Petr Pisar
On 2014-10-16, Nikos Mavrogiannopoulos wrote: > The currently proposed Fedora maintainer instructions for the > system-wide crypto policy are mainly for the C language. Could someone > experienced in other languages (e.g., ruby/python) propose some text for > them? > > https://fedoraproject.org/wiki

Re: enhancing crypto policies for other languages than C

2014-10-17 Thread Petr Pisar
On 2014-10-16, Nikos Mavrogiannopoulos wrote: > The currently proposed Fedora maintainer instructions for the > system-wide crypto policy are mainly for the C language. Could someone > experienced in other languages (e.g., ruby/python) propose some text for > them? > > https://fedoraproject.org/wiki

enhancing crypto policies for other languages than C

2014-10-16 Thread Nikos Mavrogiannopoulos
Hello, The currently proposed Fedora maintainer instructions for the system-wide crypto policy are mainly for the C language. Could someone experienced in other languages (e.g., ruby/python) propose some text for them? https://fedoraproject.org/wiki/User:Nmav/CryptoPolicies regards, Nikos

Re: Crypto policies packaging guideline

2014-09-29 Thread Miloslav Trmač
- Original Message - > IMHO, we need a crypto-expert or team to formally review this proposal, Nikos, who proposed this, is a crypto expert :) > to identify packages it affects and to advise packagers and upstreams on > how to implement this, because I feel this proposal is way beyond the

Re: Crypto policies packaging guideline

2014-09-29 Thread Miloslav Trmač
Hello, (resurrecting a really old thread, sorry about the delay.) - Original Message - > 1) Will I (as a hobbyist packager) be able to reach the proper > conclusion, e.g. find the real place where these defaults are set, such > as [4, 5]? If you, as the package maintainer, who knows the p

Re: Crypto policies packaging guideline

2014-08-28 Thread Ralf Corsepius
On 08/28/2014 08:55 AM, Vít Ondruch wrote: Dne 27.8.2014 22:42, James Antill napsal(a): #topic #452 Crypto policies packaging guideline .fpc 452 https://fedorahosted.org/fpc/ticket/452 Looking into this topic and the proposed guidelines [1], I am not sure how to apply them for Ruby. FPC

Crypto policies packaging guideline

2014-08-27 Thread Vít Ondruch
Dne 27.8.2014 22:42, James Antill napsal(a): > #topic #452 Crypto policies packaging guideline > .fpc 452 > https://fedorahosted.org/fpc/ticket/452 Looking into this topic and the proposed guidelines [1], I am not sure how to apply them for Ruby. On the first look, lo