Revision as of 08:20, 9 July 2021

Sqlite SHA-1

Summary

Removal of deprecated crypto algorithm SHA-1 from sqlite.

Owner

Name: Ondrej Dubaj
Email: odubaj@redhat.com

Current status

Targeted release: Fedora 35
Last updated: 2021-07-09
FESCo issue: <will be assigned by the Wrangler>
Tracker bug: <will be assigned by the Wrangler>
Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

The use of SHA-1 is no longer permitted for Digital Signatures or authentication in RHEL-9. Due to this reason, there is a need to remove SHA-1 extension from sqlite in RHEL-9 and therefore also Fedora. The removal of the extension was discussed with sqlite upstream development, who confirmed, that it is safe to remove it and should not impact other functionality of sqlite.

Feedback

Benefit to Fedora

This change brings update in terms of removing usage of deprecated crypto algorithms as users should not use them. Also it keeps Fedora project up-to-date with the newest RHEL release, what is beneficial for future releases.

Scope

Proposal owners:
- Prepare patch for removing SHA-1 algorithm from sqlite
- Discuss the possible issues with upstream
- Push the changes to Fedora

Other developers:
- Do not use SHA-1 algorithm in sqlite

Release engineering: #Releng issue number
- No further coordination is required for this change

Policies and guidelines: N/A (not needed for this Change)
- No guidelines need to be updated according to this change

Trademark approval: N/A (not needed for this Change)

Alignment with Objectives:

Upgrade/compatibility impact

How To Test

User Experience

Dependencies

Contingency Plan

Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
Contingency deadline: N/A (not a System Wide Change)
Blocks release? N/A (not a System Wide Change), Yes/No

Documentation

N/A (not a System Wide Change)

Release Notes

@@ Line 86: / Line 86: @@
 * Proposal owners:
 <!-- What work do the feature owners have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->
+** Prepare patch for removing SHA-1 algorithm from sqlite
+** Discuss the possible issues with upstream
+** Push the changes to Fedora
 * Other developers: <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
 <!-- What work do other developers have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->
+** Do not use SHA-1 algorithm in sqlite
 * Release engineering: [https://pagure.io/releng/issues #Releng issue number] <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
 <!-- Does this feature require coordination with release engineering (e.g. changes to installer image generation or update package delivery)?  Is a mass rebuild required?  include a link to the releng issue.
 The issue is required to be filed prior to feature submission, to ensure that someone is on board to do any process development work and testing and that all changes make it into the pipeline; a bullet point in a change is not sufficient communication -->
+** No further coordination is required for this change
 * Policies and guidelines: N/A (not needed for this Change) <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
 <!-- Do the packaging guidelines or other documents need to be updated for this feature?  If so, does it need to happen before or after the implementation is done?  If a FPC ticket exists, add a link here. Please submit a pull request with the proposed changes before submitting your Change proposal. -->
+** No guidelines need to be updated according to this change
 * Trademark approval: N/A (not needed for this Change)

Search

Changes/Sqlite SHA-1: Difference between revisions