www-infrastructure-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sebb (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (INFRA-12042) home.apache.org key file generator should only use full fingerprints
Date Sun, 05 Jun 2016 15:46:59 GMT

     [ https://issues.apache.org/jira/browse/INFRA-12042?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sebb resolved INFRA-12042.
--------------------------
    Resolution: Fixed

Date: Sun Jun  5 15:29:34 2016
New Revision: 990006

Log:
INFRA-12042 only use full fingerprints

Modified:
    infrastructure/trunk/projects/home/tools/pgp.lua


> home.apache.org key file generator should only use full fingerprints
> --------------------------------------------------------------------
>
>                 Key: INFRA-12042
>                 URL: https://issues.apache.org/jira/browse/INFRA-12042
>             Project: Infrastructure
>          Issue Type: Improvement
>          Components: Website
>         Environment: http://home.apache.org/keys/committer/
>            Reporter: Sebb
>
> The committer keys files are generated from LDAP, and currently accept both short key
ids and full fingerprints.
> Since 32-bit short keys have been shown to be non-unique, and spoofable [1], the extraction
process should only use fingerprints for generating the committer keys files.
> [1] http://gwolf.org/node/4070



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message