[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-devel-list
Subject: F27 System Wide Change: NSS signtool deprecation
From: Jaroslav Reznik <jreznik () redhat ! com>
Date: 2017-07-06 16:38:36
Message-ID: CAMDqk54oEhNEGOx5N0qtUCrceas8E3Oiv8g3Q6ZNedsrR+Fnpg () mail ! gmail ! com
[Download RAW message or body]
= System Wide Change: NSS signtool deprecation =
https://fedoraproject.org/wiki/Changes/NSSSigntoolDeprecation
Change owner(s):
* Kai Engert <kaie@redhat.com>
Deprecate the NSS tool named signtool, currently shipped as part of
the nss-tools package, and available in the default search path at
/usr/bin/signtool. Move it to
/usr/lib*/nss/unsupported-tools/signtool.
== Detailed Description ==
The NSS signtool is hardcoded to use SHA1 for signatures, however,
SHA1 is no longer considered secure. Because it seems difficult to
change the signtool default to make use of a more secure hash
algorithm in a backwards and forwards compatible way, and because
signtool might no longer be required for common uses, the suggestion
is to deprecate it.
See also [1] and [2]
== Scope ==
* Proposal owners:
The work required to implement this change is a simple packaging change.
* Other developers:
Users who used signtool for signing Jar/Zip/etc. files must use a
different tool. A possible alternative is the jarsigner tool, which is
shipped as part of the java-*-openjdk-devel package.
* Release engineering: [1]
* List of deliverables:
N/A
* Policies and guidelines:
N/A, no changes should be necessary.
* Trademark approval:
N/A (not needed for this Change)
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1345528
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1444136
[3] https://pagure.io/releng/issue/6882
Thanks,
Jaroslav
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic