Project: | Trisquel |
Version: | 7.0 |
Component: | Installer |
Category: | bug report |
Priority: | normal |
Assigned: | Unassigned |
Status: | active |
I tried to verify the iso image of trisquel 7 (http://cdimage.trisquel.info/trisquel-images/trisquel_7.0_amd64.iso) and i noticed that is using a weak key (https://trisquel.info/files/trisquel-archive-signkey.gpg) and SHA1 digest algorithm.
pub dsa1024 2007-01-14 [SC]
E6C27099CA21965B734AEA31B4EFB9F38D8AEBF1
uid [ unknown] Trisquel GNU/Linux (Trisquel GNU/Linux signing key) <name at domain>
sub elg2048 2007-01-14 [E]
---
gpg> showpref
[ unknown] (1). Trisquel GNU/Linux (Trisquel GNU/Linux signing key) <name at domain>
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA1, SHA256, RIPEMD160
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify