Hi David,
David Woodhouse <dwmw2(a)infradead.org> writes:
On Fri, 2022-04-29 at 17:49 -0400, Ben Cotton wrote:
> This document represents a proposed Change. As part of the Changes
> process, proposals are publicly announced in order to receive
> community feedback. This proposal will only be implemented if approved
> by the Fedora Engineering Steering Committee.
>
>
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings3Forewarning1
>
>
> == Summary ==
>
> Cryptographic policies will be tightened in Fedora 38-39,
> SHA-1 signatures will no longer be trusted by default.
> Fedora 37 specifically doesn't come with any change of defaults,
> and this Fedora Change is an advance warning filed for extra visibility.
> Test your setup with FUTURE today and file bugs so you won't get bit
> by Fedora 38-39.
>
Changes like this have been very disruptive in the past because they
haven't been completely thought through.
Can we please make 100% sure these policies are not going to break
things like VPN clients in the way that we have before.
They are going to break things, but Ubuntu 22.04 deprecated SHA1
signatures already, so it's very likely that a good chunk of the fallout
will be cleared by the time Fedora 38 and 39 ship.
Cheers,
Dan