Hello,

According to the response from upstream [1], it seems I have come up with a solution too quickly. I apologize for this. I will go through a cancellation process of this Change Proposal, as there seems to be no valid reason to remove SHA-1 support in sqlite.

Thanks for your help and understanding.

Regards,

Ondrej

[1] https://sqlite.org/forum/forumpost/eec8e1bc739aee7d?raw

On Sun, Jul 11, 2021 at 7:04 PM Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> wrote:

On Sat, Jul 10, 2021 at 12:13:20AM +0200, Felix Schwarz wrote:
>
> Am 09.07.21 um 17:45 schrieb Ben Cotton:
> >== Detailed Description ==
> >The use of SHA-1 is no longer permitted for Digital Signatures or
> >authentication in RHEL-9. Due to this reason, there is a need to
> >remove SHA-1 extension from sqlite in RHEL-9 and therefore also
> >Fedora.
>
> I don't think that this is a valid logical conclusion. Fedora is
> (should be?) upstream to RHEL 9 so you can disable SHA1 in RHEL 9
> but keep it enabled in Fedora. There is certainly no "need" for this
> change as demonstrated by the various packaging changes done in
> RHEL.
>
> (FWIW I don't particularly care about SHA1 functionality in sqlite.)

Also: if it is not the recommended choice, why not just select
something else as the default (which is already the case, iiuc),
and let users use sha-1 to access existing databases?

Zbyszek
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure