Debian Stretch (9.0)
Details
Jul 5 2019
I guess this has been fixed as the proposed line already exists.
Jul 15 2018
Jul 3 2018
May 29 2018
Apr 23 2018
Apr 21 2018
By the way, OBS has an unfortunate tendency to get stuck when a lot of build jobs exist - such as right now. Maybe that issue is fixed in a newer OBS version as well?
Apr 20 2018
Unfortunately it doesn't. I agree that using HTTPS should mitigate the MitM risk, but I still have to explicitly mark the repository as trusted for APT to accept it.
Apr 19 2018
The weakness in SHA1 is a collision risk, not an active compromise vector.
Apr 17 2018
We don't support Ubuntu 14.04.
Playing around with a custom-created key (osc signkey --create home:sicherha:Testproject) still yields a repository signed with SHA1 only.
Bumping priority because I'm getting closer to providing packages for Debian Stretch.
Apr 8 2018
Temporary workaround:
- Mark repository as [trusted=yes]
- Follow https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872543#10
- Hope you don't get MitM'd
Apr 4 2018
Apr 2 2018
Mar 6 2018
Dec 8 2017
Dec 4 2017
Dec 1 2017
Nov 4 2017
Oct 17 2017
Sep 18 2017
Current Winterfell seems to have it fixed:
Winterfell seems to use newest boot now:
Sep 11 2017
OK, this is all me ;-)
Aug 28 2017
Bumping cyrus-imapd didn't solve the problem, unfortunately - it got built with Perl 5.22 again.
Aug 27 2017
It's just not getting rebuilt automatically. Let's bump something and therefore trigger a rebuild, so that existing installations receive an update too (now possibly preventing an unstable system from being updated to a stable system).
Aug 20 2017
Assigning to Jeroen. (Are there any others who also take care of the OBS?)
Done.
Looks like some manual interaction is necessary:
https://en.opensuse.org/openSUSE:Build_Service_Tips_and_Tricks#Removing_disabled_but_built_packages_from_a_repository