Source: crypto-policies
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Section: utils
Priority: optional
Standards-Version: 4.7.2
Build-Depends: debhelper-compat (= 13),
               dh-python,
               asciidoc,
               default-jdk,
               gnutls-bin,
               python3,
               python3-coverage,
               python3-pytest

Package: crypto-policies
Architecture: all
Depends: python3, ${misc:Depends}, ${python3:Depends}, ${shlibs:Depends}
Description: crypto-policies - system-wide crypto policies overview
 The security of cryptographic components of the operating system does not
 remain constant over time. Algorithms, such as cryptographic hashing and
 encryption, typically have a lifetime, after which they are considered either
 too risky to use or plain insecure. That means, we need to phase out such
 algorithms from the default settings or completely disable them if they could
 cause an irreparable problem.
 .
 While in the past the algorithms were not disabled in a consistent way and
 different applications applied different policies, the system-wide
 crypto-policies followed by the crypto core components allow consistently
 deprecating and disabling algorithms system-wide.
 .
 The individual policy levels (DEFAULT, LEGACY, and FUTURE) are included
 in the crypto-policies(7) package. In the future, there will be also a
 mechanism for easy creation and deployment of policies defined by the system
 administrator or a third party vendor.
 .
 For rationale, see RFC 7457 for a list of attacks taking advantage of legacy
 crypto algorithms.
