Recently, in , we hit an issue about SHA1 signatures in - Pavel wrote it down

If you still sign packages using SHA1, you should read it.

@mirek I've faced this recently. AFAIR it was on Centos Stream 9 with k3s installer. But I'm not sure. I need to check. Or maybe it was Centos Stream 9 container... I'll try to reproduce but cannot promise;)

@lig Red Hat does not use SHA1 since RHEL6 (included). But lots of other vendors use it. Still. It needs to be reported to these vendors.

@mirek Good point, thanks! I'll make sure to report it to a vendor next time I experience the issue.

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!