mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 21:38:07 -05:00
doc: Recommend against SHA1 OpenPGP signatures.
* doc/contributing.texi (Commit Access): Recommend against SHA1 signatures.
parent
84133320b8
commit
4a84deda74
1 changed files with 10 additions and 0 deletions
|
@ -1187,6 +1187,16 @@ the OpenPGP key you will use to sign commits, and giving its fingerprint
|
|||
(see below). See @uref{https://emailselfdefense.fsf.org/en/}, for an
|
||||
introduction to public-key cryptography with GnuPG.
|
||||
|
||||
@c See <https://sha-mbles.github.io/>.
|
||||
Set up GnuPG such that it never uses the SHA1 hash algorithm for digital
|
||||
signatures, which is known to be unsafe since 2019, for instance by
|
||||
adding the following line to @file{~/.gnupg/gpg.conf} (@pxref{GPG
|
||||
Esoteric Options,,, gnupg, The GNU Privacy Guard Manual}):
|
||||
|
||||
@example
|
||||
digest-algo sha512
|
||||
@end example
|
||||
|
||||
@item
|
||||
Maintainers ultimately decide whether to grant you commit access,
|
||||
usually following your referrals' recommendation.
|
||||
|
|
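Review bot: The rationale for the new paragraph sits in a Texinfo comment ("@c See <https://sha-mbles.github.io/>."), so it never reaches the rendered manual; consider turning it into an @uref next to "known to be unsafe since 2019" so readers can see why the setting matters. In the same sentence, "which is known to be unsafe since 2019" attaches to "digital signatures" rather than to SHA1; something like "the SHA1 hash algorithm, which has been known to be unsafe since 2019, for digital signatures" reads more clearly. The example sets only "digest-algo", while GnuPG has a separate "cert-digest-algo" option for signatures made on keys, so it is worth stating whether "never uses SHA1" is meant to cover those as well.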