Hi,
Fedora Final release criterion says: The release must contain no known security bugs of 'important' or higher impact according to the Red Hat severity classification scale which cannot be satisfactorily resolved by a package update (e.g. issues during installation).
I've discovered this bug from jjelen https://bugzilla.redhat.com/show_bug.cgi?id=89216
The gist is that Fedora uses a (silently) modified sshd_config from openssh upstream, which sets `PermitRootLogin yes` instead of the upstream default of `prohibit-password`, and leaving it set to yes sounds like it would be a security issue of important or higher impact.
Could someone reply here or in the bug with such an assessment?
Thanks!