mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-25 05:48:07 -05:00
doc: Recommend against SHA1 OpenPGP signatures.
* doc/contributing.texi (Commit Access): Recommend against SHA1 signatures.
This commit is contained in:
parent
84133320b8
commit
4a84deda74
1 changed files with 10 additions and 0 deletions
|
@ -1187,6 +1187,16 @@ the OpenPGP key you will use to sign commits, and giving its fingerprint
|
||||||
(see below). See @uref{https://emailselfdefense.fsf.org/en/}, for an
|
(see below). See @uref{https://emailselfdefense.fsf.org/en/}, for an
|
||||||
introduction to public-key cryptography with GnuPG.
|
introduction to public-key cryptography with GnuPG.
|
||||||
|
|
||||||
|
@c See <https://sha-mbles.github.io/>.
|
||||||
|
Set up GnuPG such that it never uses the SHA1 hash algorithm for digital
|
||||||
|
signatures, which is known to be unsafe since 2019, for instance by
|
||||||
|
adding the following line to @file{~/.gnupg/gpg.conf} (@pxref{GPG
|
||||||
|
Esoteric Options,,, gnupg, The GNU Privacy Guard Manual}):
|
||||||
|
|
||||||
|
@example
|
||||||
|
digest-algo sha512
|
||||||
|
@end example
|
||||||
|
|
||||||
@item
|
@item
|
||||||
Maintainers ultimately decide whether to grant you commit access,
|
Maintainers ultimately decide whether to grant you commit access,
|
||||||
usually following your referrals' recommendation.
|
usually following your referrals' recommendation.
|
||||||
|
|
Loading…
Reference in a new issue