Cryptographic policies will be tightened in Fedora 38-39, SHA-1 signatures will no longer be trusted by default. Fedora 37 specifically doesn't come with any change of defaults, and this Fedora Change is an advance warning filed for extra visibility. Test your setup with FUTURE today and file bugs so you won't get bit by Fedora 38-39.
Owners, do not implement this work until the FESCo vote has explicitly ended. The Fedora Program Manager will create a tracking bug in Bugzilla for this Change, which is your indication to proceed. See the FESCo ticket policy and the Changes policy for more information.
+1
A week has passed and this only gained 1 positive vote. Leaving open for another week.
I'm not particularly happy with the consequences of this Change as discussed on the list, but I don't think there's anything we can do as FESCo to make the developers improve the crypto policy mechanism for application integration.
So, unfortunately, +1
After a week, this is approved with (+3, 0, -0)
Metadata Update from @sgallagh: - Issue tagged with: pending announcement
Announced: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/AEF4US5TEZK66YLG7UGGIGWW2HYP732E/
Metadata Update from @zbyszek: - Issue untagged with: pending announcement - Issue close_status updated to: Accepted - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.