Muva nje izindaba zakhishwa ngabathuthukisi bephrojekthi ye-Fedora futhi kungukuthi baye bazisa uhlelo lokukhubaza usekelo lwamasiginesha edijithali ye-SHA-1 ngokukhishwa kwe-"Fedora Linux 39".
Kushiwo ukuthi uhlelo lokukhubaza amasiginesha lusho ukuqeda ukwethenjwa kumasiginesha asebenzisa i-SHA-1 hashe (SHA-224 izomenyezelwa njengobuncane obuvunyelwe kumasiginesha edijithali), kodwa ukugcina ukusekelwa kwe-HMAC nge-SHA-1 kanye nokunikeza amandla okunika amandla iphrofayela ye-LEGACY nge-SHA-1.
Isizathu esikhulu esenza abathuthukisi be-Fedora bafinyelele kulesi siphetho ukuthi ukuphela kokusekelwa kwamasiginesha asekelwe ku-SHA-1 kungenxa yokwanda kokusebenza kahle kokuhlaselwa kokushayisana ngesiqalo esinikeziwe (izindleko zokukhetha ukungqubuzana zilinganiselwa emashumini ambalwa ezinkulungwane zamaRandi). Ngokungeziwe kulokho kuziphequluli, izitifiketi ezigunyazwe kusetshenziswa i-algorithm ye-SHA-1 zimakwe njengezingavikelekile kusukela maphakathi no-2016.
Ushintsho olukhulu kulokhu kuzoba wukungawathembi amasiginesha e-SHA-1.
ezingeni le-cryptographic library, elithinta okungaphezu nje kwe-TLS.I-OpenSSL izoqala ukuvimba ukudalwa nokuqinisekiswa kwamasiginesha ngokuzenzakalelayo,
nemvula elindelwe ezoba yanele ngokwanele
ukuze senze ushintsho ngemijikelezo eminingi
ngezaziso eziningi
ukunikeza abathuthukisi nabalondolozi isikhathi esanele sokusabela.
Kuhle ukusho ukuthi ngemva kokusebenzisa izinguquko ezichaziwe, umtapo wezincwadi we-OpenSSL ngokuzenzekelayo uzovimba ukukhiqizwa nokuqinisekiswa kwamasiginesha nge-SHA-1.
Ukuvalwa kuhlelwe ukuthi kwenziwe ngezigaba eziningana, njengasekukhishweni kwe-Fedora Linux 36 no-37, amasiginesha asekelwe ku-SHA-1 azosuswa kunqubomgomo ethi "FUTURE", futhi ngihlela ukuhlinzeka ngenqubomgomo yokuhlola TEST-FEDORA39 ukuze kukhubazwe i-SHA-1 ngesicelo somsebenzisi (buyekeza -izinqubomgomo ze-crypto- setha TEST-FEDORA39), lapho udala futhi uqinisekisa amasiginesha asekelwe ku-SHA-1, izexwayiso zizoboniswa kulogu.
Ku-Fedora 39, izinqubomgomo zizoba, ngombono we-TLS:
ILIFA
I-MAC: wonke ama-HMAC ane-SHA1 noma ngaphezulu + wonke ama-MAC esimanje (Poly1305, njll.)
Amajika: wonke ama-primes >= 255 bits (kuhlanganise namajika kaBernstein)
Ama-algorithms wesiginesha: SHA-1 hashi noma okungcono (ayikho i-DSA)
Ama-ciphers: konke kuyatholakala > ukhiye we-112-bit, >= 128-bit block (ayikho i-RC4 noma i-3DES)
Ukushintshaniswa okubalulekile: ECDHE, RSA, DHE (ngaphandle kwe-DHE-DSS)
Usayizi wepharamitha ye-DH: >=2048
Usayizi wepharamitha ye-RSA: >=2048
Imithetho elandelwayo ye-TLS: TLS >= 1.2
Ngemva kwalokho, ngesikhathi sokukhishwa kwangaphambili kwe-beta kwe-Fedora Linux 38, inqolobane izoba nenqubomgomo emelene namasiginesha e-SHA-1, kodwa lolu shintsho ngeke lusebenze ku-beta nokukhishwa kwe-Fedora Linux 38. Ngokukhishwa kwe-Fedora Linux 39, inqubomgomo yokuhoxiswa kwesiginesha ye-SHA-1 izosetshenziswa ngokuzenzakalelayo.
Uhlelo oluhlongozwayo alukabuyekezwa yi-FESCo (Fedora Engineering Steering Committee), enesibopho ingxenye yobuchwepheshe ukuthuthukiswa ukusatshalaliswa Fedora.
Ngakolunye uhlangothi, Kuyafaneleka futhi ukwengeza ukuthi ku-Red Hat uxwayisiwe mayelana nokuphela kosekelo lwelabhulali ye-GTK 2, iqala ngegatsha elilandelayo leRed Hat Enterprise Linux.
Iphakheji ye-gtk2 ngeke ifakwe ekukhishweni kwe-RHEL 10, okuzosekela kuphela i-GTK 3 ne-GTK 4. I-GTK 2 ikhishiwe ngenxa yokuhoxiswa kwesethi yamathuluzi kanye nokuntuleka kokusekelwa kobuchwepheshe besimanje obufana ne-Wayland, i-HiDPI, ne-HDR.
Ikhithi yamathuluzi isisize ngokubonga, kodwa isiqala ukubonisa ubudala bayo ngokuphathelene nobuchwepheshe besimanje obufana ne-Wayland, izibonisi ze-HiDPI, i-HDR, nobunye.
Izinhlelo ezihlala ziboshelwe ku-GTK 2, njenge-GIMP ne-Ardour, kulindeleke ukuthi zibe nesikhathi sokuthuthela emagatsheni e-GTK amasha ngaphambi kuka-2025, okulindeleke ukuthi ikhulule i-RHEL 10. Ku-Ubuntu 22.04, amaphakheji angu-504 asebenzisa i-libgtk2 njengokuncika.
Isizathu sokusho lokhu ukuthi ushintsho olunjalo lugcina senziwe kwezinye izinguqulo ezilandelayo ze-Fedora.
Okokugcina uma unentshisekelo yokwazi kabanzi ngakho mayelana nohlu lwezinguquko ezihlelelwe ukukhubaza amasignesha, ungabheka imininingwane ku isixhumanisi esilandelayo.