#196 Please provide keys under the full hash
Closed: Fixed 8 months ago by codeblock. Opened 8 months ago by zbyszek.

Currently the website provides "convenient" short 32-bit key names (8 hexadecimal characters).
This does not have direct security impact, but is in general very bad style (https://evil32.com/, https://security.stackexchange.com/q/74009/19837). Using the short identifiers on the fedora website encourages the use of the same short identifiers in other places, and we just shouldn't do this. And actually, there's no reason to use those short identifiers. Nobody types this by hand, and c&p for 8 characters takes as much time as c&p for 40 characters.

Please use the full 40 character names for the keys files. (I guess the old names should be redirects for backwards compat, at least for the names that keys that are currently published).

New keys can use the full fingerprint for the filename, sure. I'm not planning to change the old ones (if someone else wants to take that on and deal with the redirects on the infra side, be my guest).

Metadata Update from @codeblock:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

8 months ago

Login to comment on this ticket.