Menu
▾
▴
#1637 Signature signatures on executables and installer use vulnerable SHA1 hash
SHA1 has been known to be vulnerable for a long time, as reported by Google:
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
Digital signatures should be using SHA256 or SHA512, not SHA1, or they offer false protection.
No way to edit ticket title. Sigh.
will be changed to sha256 in the next release