Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 610730

Summary: Get rid of SHA-1 in Manifest
Product: Gentoo Security Reporter: Quentin Minster <quentin>
Component: MiscAssignee: Gentoo Security <security>
Status: RESOLVED OBSOLETE    
Severity: normal CC: fturco
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Quentin Minster 2017-02-23 21:19:00 UTC 
SHA-1 collisions are now a thing, so it's about time to get rid of SHA-1 hashes in Manifest files.

The following packages have SHA-1 digests:
  dev-java/jdbc-informix
  dev-java/jdbc-oracle-bin
  dev-java/sun-j2ee-deployment-bin
  dev-util/its4

Unfortunately they are all fetch-restricted, so I couldn't check for collisions on them.