On Wed, 2023-03-01 at 19:39 -0600, John Morris wrote:
Second solution is to revert Fedora's new paranoia that will detonate any old package. "sudo update-crypto-policies --set LEGACY" and get on with life for another Fedora release cycle... then the madmen will break things again. It is a cryptoweenie thing, break anything more than a few years old while autistically screeching "but it is INSECUUUURE!"
"Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm's use for security-sensitive functions should be discontinued as soon as possible."
That was from *2017*.
https://www.computerworld.com/article/3173616/the-sha1-hash-function-is-now-...