On Sat, Jul 10, 2021 at 12:13:20AM +0200, Felix Schwarz wrote:
Am 09.07.21 um 17:45 schrieb Ben Cotton:
>== Detailed Description ==
>The use of SHA-1 is no longer permitted for Digital Signatures or
>authentication in RHEL-9. Due to this reason, there is a need to
>remove SHA-1 extension from sqlite in RHEL-9 and therefore also
>Fedora.
I don't think that this is a valid logical conclusion. Fedora is
(should be?) upstream to RHEL 9 so you can disable SHA1 in RHEL 9
but keep it enabled in Fedora. There is certainly no "need" for this
change as demonstrated by the various packaging changes done in
RHEL.
(FWIW I don't particularly care about SHA1 functionality in sqlite.)
Also: if it is not the recommended choice, why not just select
something else as the default (which is already the case, iiuc),
and let users use sha-1 to access existing databases?
Zbyszek