[tor-bugs] #21694 [- Select a component]: Tor source tarball signed with sha1

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Oct 4 23:31:44 UTC 2017 

#21694: Tor source tarball signed with sha1
----------------------------------+------------------------------------
 Reporter:  cypherpunks           |          Owner:  (none)
     Type:  defect                |         Status:  reopened
 Priority:  Medium                |      Milestone:  Tor: 0.3.1.x-final
Component:  - Select a component  |        Version:  Tor: 0.3.1.7
 Severity:  Normal                |     Resolution:
 Keywords:                        |  Actual Points:
Parent ID:                        |         Points:
 Reviewer:                        |        Sponsor:
----------------------------------+------------------------------------

Comment (by isis):

 Maybe try also setting (in `~/.gnupg/gpg.conf`):

 {{{
 personal-digest-preferences SHA512 SHA384 SHA256
 }}}

 The preferences which you had set when you created the key are burned into
 the key, but `gpg2 --export-options 'export-minimal' --export
 FE43009C4607B1FB | pgpdump | grep 'Hash alg'` says that it's SHA256, so I
 honestly don't know what is getting it to use SHA1.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21694#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list