You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
cargo install sequoia-sqv
curl -O https://github.com/rust-lang/rustup/blob/master/src/rust-key.pgp.ascii
curl -O https://static.rust-lang.org/dist/channel-rust-nightly.toml
curl -O https://static.rust-lang.org/dist/channel-rust-nightly.toml.asc
sqv --keyring rust-key.pgp.ascii channel-rust-nightly.toml{.asc,}
Signing key on 108F66205EAEB0AAA8DD5E1C85AB96E6FA1BE5FE is not bound:
No binding signature at time 2023-02-01T00:44:45Z
because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
because: SHA1 is not considered secure since 2023-02-01T00:00:00Z
To fix: switch to a stronger digest
Not sure where gpg is called exactly, somewhere in one of the promote-release scripts?
The text was updated successfully, but these errors were encountered:
SHA1 is now rejected by sequoia and rustup
See https://www.reddit.com/r/rust/comments/10qlf1q/nightly_dc1d9d50f_20230131_signature_verification/ and rust-lang/rustup#3185
Steps to reproduce the issue:
To fix: switch to a stronger digest
Not sure where gpg is called exactly, somewhere in one of the promote-release scripts?
The text was updated successfully, but these errors were encountered: