On Fri, 3 Mar 2023 at 15:56, Ben Cotton <bcotton(a)redhat.com> wrote:
The current target release date is the early target date
(2023-03-14).
The Go/No-Go meeting will be Thursday!
Action summary
====================
Accepted blockers
-----------------
1. distribution — Workstation boot x86_64 image exceeds maximum size — POST
ACTION: gdb maintainers to remove the 'Recommends' for gcc-gdb-plugin from
gdb
2. crypto-policies — Insecure installed RPMs (like Google Chrome)
prevent system updates in F38, can't be removed — NEW
ACTION: Upstream to implement MR #129
2. crypto-policies —
https://bugzilla.redhat.com/show_bug.cgi?id=2170878
— NEW
Insecure installed RPMs (like Google Chrome) prevent system updates in
F38, can't be removed
Some third-party repos (including Google Chrome) that sign packages
with SHA-1 cannot be uninstalled, which breaks upgrades. This was
designated a blocker by FESCo. Work is in progress upstream to allow
RPM to permit SHA-1 in the default policy while third-party repos
update to a supported hash function:
https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/merge_requests/129
I think the issue is 'larger' than SHA-1. Google Chrome and some other 3rd
party software seem to be signed with keys which are both SHA1 and DSA
keys. Either one of these would cause the problem with not being able to
update/uninstall/etc and since one is a checksum and the other is an
encryption type need possibly different solutions.
--
Stephen Smoogen, Red Hat Automotive
Let us be kind to one another, for most of us are fighting a hard battle.
-- Ian MacClaren