<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 04:03:16 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-23397] SHA1 warning for Debian Release file signature</title>
                <link>https://jira.mongodb.org/browse/SERVER-23397</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;The use of SHA1 for Debian repository &lt;tt&gt;Release&lt;/tt&gt; files is &lt;a href=&quot;https://juliank.wordpress.com/2016/03/14/dropping-sha-1-support-in-apt/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;deprecated with plans for removal&lt;/a&gt; and began causing the following warning in APT 1.2.7:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;W: gpgv:/var/lib/apt/lists/repo.mongodb.org_apt_debian_dists_wheezy_mongodb-org_3.0_Release.gpg: The repository is insufficiently signed by key 492EAFE8CD016A07919F1D2B9ECBEC467F0CEB10 (weak digest)&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Although the issue only affects upcoming Debian and Ubuntu releases that are not officially supported, it would be great for users and developers on these systems if you would consider updating your repository to include stronger hashes.&lt;/p&gt;

&lt;p&gt;Thanks,&lt;br/&gt;
Kevin&lt;/p&gt;</description>
                <environment></environment>
        <key id="275763">SERVER-23397</key>
            <summary>SHA1 warning for Debian Release file signature</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="sam.kleinman">Sam Kleinman</assignee>
                                    <reporter username="kevinoid">Kevin Locke</reporter>
                        <labels>
                    </labels>
                <created>Tue, 29 Mar 2016 16:11:39 +0000</created>
                <updated>Sat, 13 Aug 2016 00:07:29 +0000</updated>
                            <resolved>Tue, 9 Aug 2016 17:52:50 +0000</resolved>
                                                    <fixVersion>3.3.11</fixVersion>
                                    <component>Packaging</component>
                                        <votes>2</votes>
                                    <watches>8</watches>
                                                                                                                <comments>
                            <comment id="1351735" author="samk" created="Tue, 9 Aug 2016 17:52:36 +0000"  >&lt;p&gt;Sorry for the delay on updates here. After digging into this further, I&apos;ve made a change to our signing infrastructure that will force us to use SHA256 hashes when we sign these artifacts.&lt;/p&gt;

&lt;p&gt;The new signing protocol will impact the repositories as soon as new packages are published during the next release(s) across all branches. Expect to see this fixed during the release of 3.2.9 and 3.3.11. &lt;/p&gt;

&lt;p&gt;Cheers,&lt;br/&gt;
sam&lt;/p&gt;</comment>
                            <comment id="1330164" author="maxpolk" created="Wed, 20 Jul 2016 17:18:33 +0000"  >&lt;p&gt;It&apos;s officially broken now, this warning just went live:  &quot;I plan to enforce SHA2 for GPG signatures some time after the release of xenial, and definitely for Ubuntu 16.10, so around June-August (possibly during DebConf).&quot;&lt;/p&gt;

&lt;p&gt;Install mongodb-org 3.2.8 onto Linux Mint 18 Sarah, which is based on Ubuntu 16.04 LTS (Xenial Xerus), by creating /etc/apt/sources.list.d containing:&lt;/p&gt;

&lt;p&gt;&lt;tt&gt;deb &lt;a href=&quot;http://repo.mongodb.org/apt/ubuntu&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://repo.mongodb.org/apt/ubuntu&lt;/a&gt; xenial/mongodb-org/3.2 multiverse&lt;/tt&gt;&lt;/p&gt;

&lt;p&gt;While trying to update the package list using apt update, I receive an error:&lt;/p&gt;

&lt;p&gt;&lt;tt&gt;W: &lt;a href=&quot;http://repo.mongodb.org/apt/ubuntu/dists/xenial/mongodb-org/3.2/Release.gpg:&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://repo.mongodb.org/apt/ubuntu/dists/xenial/mongodb-org/3.2/Release.gpg:&lt;/a&gt; Signature by key 42F3E95A2C4F08279C4960ADD68FA50FEA312927 uses weak digest algorithm (SHA1)&lt;/tt&gt;&lt;/p&gt;</comment>
                            <comment id="1299046" author="42" created="Sun, 19 Jun 2016 15:29:47 +0000"  >&lt;p&gt;Is anyone going to fix this issue? Because this was ignored for a long time, it means that you cannot really install mongodb on Ubuntu 16.04 LTS &amp;#8212; which really sucks.&lt;/p&gt;

&lt;p&gt;This is not the kind of problem that can be fixed with a PRs, and as far as I know there is no workaround.&lt;/p&gt;</comment>
                            <comment id="1218366" author="kevinoid" created="Tue, 29 Mar 2016 16:50:16 +0000"  >&lt;p&gt;Good to know.  Thanks for looking into the issue so quickly!  Let me know if there&apos;s anything else I can do to assist or test.&lt;/p&gt;</comment>
                            <comment id="1218352" author="ernie.hershey@10gen.com" created="Tue, 29 Mar 2016 16:42:38 +0000"  >&lt;p&gt;I believe this will involve upgrading apt and/or dpkg tools on our Debian and Ubuntu builders and/or the repo publishing server.&lt;/p&gt;

&lt;p&gt;From the same blog - &lt;a href=&quot;https://juliank.wordpress.com/2016/03/15/clarifications-and-updates-on-apt-sha1/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://juliank.wordpress.com/2016/03/15/clarifications-and-updates-on-apt-sha1/&lt;/a&gt; - &lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Also note that SHA1 support is not dropped, we merely do not consider it trustworthy. This means that it feels like SHA1 support is dropped, because sources without SHA2 won&#8217;t work; but the SHA1 signatures will still be used in addition to the SHA2 ones, so there&#8217;s no point removing them (same for MD5Sum fields).&lt;/p&gt;&lt;/blockquote&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 29 Mar 2016 16:42:38 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        7 years, 27 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>ramon.fernandez@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            7 years, 27 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>ernie.hershey@mongodb.com</customfieldvalue>
            <customfieldvalue>kevinoid</customfieldvalue>
            <customfieldvalue>maxpolk</customfieldvalue>
            <customfieldvalue>sam.kleinman</customfieldvalue>
            <customfieldvalue>42</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrkc7r:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hsnl3b:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="1187">Build 2016-08-26</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10750" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Steps To Reproduce</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;p&gt;Follow instructions on &lt;a href=&quot;https://docs.mongodb.org/master/tutorial/install-mongodb-on-debian/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://docs.mongodb.org/master/tutorial/install-mongodb-on-debian/&lt;/a&gt;  Step 3, running &lt;tt&gt;apt-get update&lt;/tt&gt;, produces the warning.&lt;/p&gt;</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrtvgf:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>