Hi Peter,
On 11. Jun 2024, at 07:01, Peter Boy pboy@uni-bremen.de wrote:
Am 10.06.2024 um 20:16 schrieb Richard W.M. Jones rjones@redhat.com:
On Mon, Jun 10, 2024 at 01:43:57PM +0200, Vít Ondruch wrote:
I wish this proposal included some examples of what might get broken and what will keep working. I guess I am not the only one who have very vague understanding what is difference between "signatures" and "hashing" or other purposes SHA1 can be used for.
SSH and HTTPS to old machines (even old versions of Fedora & RHEL) and to old network equipment and the like will not be possible.
I'm annoyed that this is not just put behind the LEGACY policy, since if that's not what "legacy" is for, what _is_ it for?
As an aside, it'd be very nice if policies could be set per-process. That would greatly enhance security by allowing specific programs to connect to the legacy machines, while maintaining general system security.
Anyway, -1 from me.
Rich.
Anyway, -1 from me, too
For exactly that reason.
Can you elaborate what you would need, in addition to the LEGACY policy (which still allows these connections) and the runcp utility?