infra-issues mailing list archives

From "Chris Lambertus (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (INFRA-12041) id.apache.org should insist on full fingerprints
Date Wed, 07 Jun 2017 05:01:18 GMT

     [ https://issues.apache.org/jira/browse/INFRA-12041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chris Lambertus resolved INFRA-12041.
-------------------------------------

Any efforts in this regard will likely fall upon the whimsy PMC. Infra will not be making
this change.

> id.apache.org should insist on full fingerprints
> ------------------------------------------------
>
>                 Key: INFRA-12041
>                 URL: https://issues.apache.org/jira/browse/INFRA-12041
>             Project: Infrastructure
>          Issue Type: Planned Work
>          Components: Selfserve
>            Reporter: Sebb
>            Priority: Trivial
>
> The id.apache.org service currently allows just about anything in the asf-pgpKeyFingerprint field.
> Since 32-bit short keys have been shown to be non-unique, and spoofable [1], the service should only allow fingerprints.
> [1] http://gwolf.org/node/4070



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
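One way the check requested in the quoted issue could look, as an added example that is not part of the original message and is not id.apache.org code. It assumes "full fingerprint" means a 40-hex-digit OpenPGP v4 fingerprint; the function and exception names are hypothetical and the sample values are constructed.

```python
import re

# Assumption: a full fingerprint is an OpenPGP v4 fingerprint,
# a 160-bit digest written as 40 hexadecimal digits.
V4_FINGERPRINT_HEX_LEN = 40
KEY_ID_LENGTHS = {8: "32-bit short key ID", 16: "64-bit long key ID"}


class FingerprintError(ValueError):
    """Raised when a submitted value is not a full fingerprint."""


def normalize_fingerprint(value: str) -> str:
    """Return the canonical 40-digit uppercase fingerprint, or raise."""
    # gpg prints fingerprints in space-separated groups, so strip whitespace.
    compact = re.sub(r"\s+", "", value)
    if compact[:2].lower() == "0x":
        compact = compact[2:]
    if not compact:
        raise FingerprintError("empty value")
    if not re.fullmatch(r"[0-9A-Fa-f]+", compact):
        raise FingerprintError("non-hexadecimal characters present")
    if len(compact) in KEY_ID_LENGTHS:
        kind = KEY_ID_LENGTHS[len(compact)]
        raise FingerprintError(f"{kind} given; a full fingerprint is required")
    if len(compact) != V4_FINGERPRINT_HEX_LEN:
        raise FingerprintError(f"expected 40 hex digits, got {len(compact)}")
    return compact.upper()


def check_submissions(values):
    """Validate a batch; return (accepted fingerprints, {value: reason})."""
    accepted, rejected = [], {}
    for value in values:
        try:
            accepted.append(normalize_fingerprint(value))
        except FingerprintError as exc:
            rejected[value] = str(exc)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample values, not real keys.
    samples = ["0123 4567 89ab cdef 0123  4567 89ab cdef 0123 4567",
               "0xDEADBEEF", "0123456789ABCDEF", "see keyserver"]
    ok, bad = check_submissions(samples)
    print("accepted:", ok)
    for value, reason in bad.items():
        print(f"rejected {value!r}: {reason}")
```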
