Re: F35 Change: Remove SHA-1 from Sqlite (Self-Contained Change proposal)

On Mon, 12 Jul 2021, Simo Sorce wrote: >> SQLite is a general-purpose tool. Not every use of SHA-1 is >> cryptographically relevant. Most uses in the context of SQLite probably >> aren't, so the removal just annoys users for no good reason. > > Note that this is a Sqlite decision, from RHEL engineering we only > requested the removal in digital signatures and where integrity > protection is required for security. > Also note that we do not require full removal, just that SHA-1 is not > used unless users intentionally change configuration. How does this affect users of NSS who have created "default" databases, eg using certutil -N ? Do these use SHA1? If so, can they be migrated to SHA2? Automatically ? Paul _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure