Diffusion GnuPG 7d9aad63c4f1

gpg: Ignore all SHA-1 signatures in 3rd party key signatures.

Authored by werner on Oct 3 2019, 6:20 PM.

Description

gpg: Ignore all SHA-1 signatures in 3rd party key signatures.

* g10/sig-check.c (check_signature_over_key_or_uid): No cut-off date
and remove debug output.

With 2.2 we do not not support SHA-1 key signatures anymore even if
that means that the WoT shrinks.

  • Signed-off-by: Werner Koch <wk@gnupg.org>

Details

Committed
wernerOct 3 2019, 6:20 PM
Parents
rGc4f2d9e3e1d7: gpg: Be prepared for chosen-prefix SHA-1 collisions in key signatures.
Branches
Unknown
Tags
Unknown