doc: Recommend against SHA1 OpenPGP signatures.

* doc/contributing.texi (Commit Access): Recommend against SHA1
signatures.
Ludovic Courtès 2020-05-02 23:53:25 +02:00
parent 84133320b8
commit 4a84deda74
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5

@ -1187,6 +1187,16 @@ the OpenPGP key you will use to sign commits, and giving its fingerprint
(see below). See @uref{https://emailselfdefense.fsf.org/en/}, for an
introduction to public-key cryptography with GnuPG.
@c See <https://sha-mbles.github.io/>.
Set up GnuPG such that it never uses the SHA1 hash algorithm for digital
signatures, which is known to be unsafe since 2019, for instance by
adding the following line to @file{~/.gnupg/gpg.conf} (@pxref{GPG
Esoteric Options,,, gnupg, The GNU Privacy Guard Manual}):
@example
digest-algo sha512
@end example
@item
Maintainers ultimately decide whether to grant you commit access,
usually following your referrals' recommendation.
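Review bot: The reference backing "known to be unsafe since 2019" sits in the `@c See <https://sha-mbles.github.io/>` comment at the top of the added paragraph, so it never reaches the rendered manual; consider making it a visible `@uref{https://sha-mbles.github.io/}` next to the claim so readers can check the rationale. In the same sentence, "which is known to be unsafe" grammatically attaches to "digital signatures" rather than to SHA1; rewording to "never uses the SHA1 hash algorithm, which is known to be unsafe since 2019, for digital signatures" removes the ambiguity. The example sets only `digest-algo sha512`, while the text promises that GnuPG "never uses" SHA1 for signatures; it would help to state whether that one line is meant to cover every kind of signature a committer's key produces, or to soften the wording to match what the option does.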