On Tue, May 31, 2022 at 12:28 PM Vitaly Zaitsev via devel
<devel(a)lists.fedoraproject.org> wrote:
On 31/05/2022 10:21, Petr Pisar wrote:
> Not in current F37 FUTURE policy the user tested.
Yes. If the new F37 cryptographic policy considers RSA-2048 to be weak,
it should be reverted.
The actual proposal is in the OP.
Not only there's no such thing as "new F37 policy" happening,
the F39 DEFAULT does allow RSA-2048,
and this is spelled out upfront in the proposal text in the OP.
RSA-3072 is only the minimum for the opt-in FUTURE policy,
which has been the case since at least F28.
Many servers still use RSA-2048 (the default in Let's Encrypt).
And that's why it is going to be accepted in DEFAULT even in F39+.
Please tone down the FUD,
your signal/noise ratio has been record low over the last few weeks,
with statements being technically true and most of the time agreeable,
yet inexplicably resulting in a net negative benefit to the discussion.