Hi Simon,
On Fri, Feb 21, 2025 at 11:27:00PM +0000, Santiago Vila wrote:
During a rebuild of all packages in unstable, your package failed to build:
<snip>
verify_test.go:563: Verify failed with error: pkcs7: failed to verify certificate chain: x509: certificate signed by unknown authority (possibly because of "x509: cannot verify signature: insecure algorithm SHA1-RSA" while trying to verify
candidate authority certificate "PKCS7 Test Intermediate Cert")
--- FAIL: TestSignWithOpenSSLAndVerify (0.01s)
I started looking into this issue because it's threatening autoremoval
of podman, by virtue of being in its reverse-dependency chain. I don't
know anything else about this package, nor have I made any uploads for
it.
While looking into it, I noticed that it's abandonware upstream, started
looking around and finally ended up finding your comment at
https://github.com/smallstep/pkcs7/issues/45 :)
From there I gather that:
a) you are already aware of this issue;
b) you've already worked around it for smallstep/pkcs7;
c) you're considering replacing fullsailor/pkcs7 with smallstep/pkcs7.
Given all that, it feels like perhaps you intentionally haven't fixed
this fullsailor/pkcs7 bug, so I wanted to check with you before working
on it. I'd love to hear your thoughts on how to proceed!
Thanks,
Faidon