Dpkg::OpenPGP::Backend::GnuPG: Set secure signing preferred algorithms
commit 3c42b0ed7f3c5a762f912583a033733ec9c0e7bf
author Guillem Jover <guillem@debian.org>
Fri, 23 Dec 2022 21:31:22 +0000 (23 22:31 +0100)
committer Guillem Jover <guillem@debian.org>
Sun, 15 Jan 2023 16:30:06 +0000 (15 17:30 +0100)
tree 9d5c2634ede06470fe2b9c0c8534c8eef5e9b538
parent 0f877f11623b5037b0af1cd681c847fdaf0b43c0
Dpkg::OpenPGP::Backend::GnuPG: Set secure signing preferred algorithms

The current GnuPG defaults with --openpgp cater for heavy backwards
compatibility at the cost of being insecure but potentially being
compatible with very old programs.

We care more about secure defaults than backwards compatibility with
ancient programs, so we pass our preferences to gpg when signing. This
should also cover the case for users that have created old keys with
insecure key preferences which might end up producing insecure
signatures.

Fixes: commit b83114daa69c50d368199d00fbb67e190068b273
Closes: #1028961
scripts/Dpkg/OpenPGP/Backend/GnuPG.pm