Dpkg::OpenPGP::Backend::GnuPG: Set secure signing preferred algorithms (3c42b0ed) · Commits · PureOS / Core Packages / dpkg

Commit 3c42b0ed authored 2 years ago by Guillem Jover

Dpkg::OpenPGP::Backend::GnuPG: Set secure signing preferred algorithms

The current GnuPG defaults with --openpgp cater for heavy backwards
compatibility at the cost of being insecure but potentially being
compatible with very old programs.

We care more about secure defaults than backwards compatibility with
ancient programs, so we pass our preferences to gpg when signing. This
should also cover the case for users that have created old keys with
insecure key preferences which might end up producing insecure
signatures.

Fixes: commit b83114da
Closes: #1028961

parent 0f877f11

No related branches found

No related tags found

1 merge request!4Update crimson to version from bookworm

Hide whitespace changes

Inline Side-by-side

Showing with 3 additions and 0 deletions

Please register or to comment

Admin message

Admin message

Dpkg::OpenPGP::Backend::GnuPG: Set secure signing preferred algorithms