[Secure-testing-team] Bug#825124: debarchiver: allow to configure which crypto algos are accepted for uploads
Christoph Anton Mitterer
calestyo at scientia.net
Mon May 23 20:06:47 UTC 2016
Package: debarchiver
Version: 0.10.5
Severity: normal
Tags: security
Hi.
Not sure how easy this can be done, but debarchiver should allow to reject
weak crypto algo uploads, including:
- signatures on the dsc/etc. files being uploaded that use a too weak
digest-algo for the signature itself
- too weak certificate signature algos, i.e. the algo used for the key/uid
and subkey binding signatures of the keys that are being trusted as
uploaders
- .dsc/etc. files that contain too weak Checksum entries, e.g. MD5 or SHA1 only.
Thanks,
Chris.
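The third item in the report above (rejecting .dsc/.changes files whose checksum entries are MD5 or SHA1 only) can be sketched as follows. This is an added example, not debarchiver code and not part of the original message; the function names, the `STRONG` policy set and the sample .dsc are assumptions constructed for illustration. It does not cover the signature digest or key binding signature checks, which require inspecting the OpenPGP packets.

```python
import re

# Assumed policy (not debarchiver's): every file needs one of these digests.
STRONG = {"sha256", "sha512"}
# Control field -> digest it carries; "Files" holds MD5 sums in .dsc/.changes.
FIELD_DIGEST = {"files": "md5", "checksums-sha1": "sha1",
                "checksums-sha256": "sha256", "checksums-sha512": "sha512"}

def checksum_digests(control_text):
    """Map digest name -> set of filenames listed under that checksum field."""
    found, current = {}, None
    for line in control_text.splitlines():
        if line.startswith("-----BEGIN PGP SIGNATURE-----"):
            break  # end of the clearsigned body
        if line[:1] in (" ", "\t"):  # continuation line of the current field
            parts = line.split()
            if current and len(parts) >= 3:
                # filename is last in both .dsc and .changes layouts
                found.setdefault(current, set()).add(parts[-1])
            continue
        m = re.match(r"([A-Za-z0-9-]+):", line)
        current = FIELD_DIGEST.get(m.group(1).lower()) if m else None
    return found

def check_upload(control_text):
    """Return reasons to reject; an empty list means the checksum policy is met."""
    digests = checksum_digests(control_text)
    all_files = set().union(*digests.values())
    problems = [] if all_files else ["no checksum entries found"]
    for name in sorted(all_files):
        if not any(name in digests.get(d, ()) for d in STRONG):
            weak = ", ".join(sorted(d for d in digests if name in digests[d]))
            problems.append(f"{name}: only weak checksums ({weak})")
    return problems

# Constructed sample .dsc body (hash values are placeholders, not real sums).
WEAK_DSC = (
    "Format: 3.0 (quilt)\nSource: hello\nVersion: 1.0-1\n"
    "Checksums-Sha1:\n " + "0" * 40 + " 0 hello_1.0.orig.tar.gz\n"
    "Files:\n " + "0" * 32 + " 0 hello_1.0.orig.tar.gz\n"
)
OK_DSC = WEAK_DSC + "Checksums-Sha256:\n " + "0" * 64 + " 0 hello_1.0.orig.tar.gz\n"

if __name__ == "__main__":
    print(check_upload(WEAK_DSC))
    print(check_upload(OK_DSC))
```

The check only looks at which digest fields are present; verifying that the listed sums match the uploaded files is a separate step.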