Special issue #140

Jeffrey Tadlock jeffreyt at fedoraproject.org
Fri Aug 22 13:41:14 UTC 2008


On Fri, Aug 22, 2008 at 9:35 AM, David Nalley
<david.nalley at fedoraproject.org> wrote:
> On Fri, Aug 22, 2008 at 9:29 AM, Rahul Sundaram
> <sundaram at fedoraproject.org> wrote:
>> Jeffrey Tadlock wrote:
>>
>>> I would agree with removing the speculation and guesses, including
>>> removing the Debian thing.  The DSA vs. RSA bit has some relevance as
>>> Fedora Contributors are needing to re-upload their SSH keys to FAS and
>>> DSA keys are no longer accepted to my knowledge.
>>
>> Yes, however this happened sometime *before* the incident.
>
> RSA-only has been stated policy - but I don't think it was actually
> enforced until they brought FAS back up.

Yes, that is correct.  The How-To page used to show creating the ssh
key as a DSA key.  Then the Debian thing happened and the wiki page
was changed to show creating RSA keys.  The infrastructure team
scanned the servers for vulnerable DSA keys, but did not force the
removal of DSA keys shortly after the Debian issue.  It was during the
FAS rebuild over the past week that actual enforcement of no DSA keys
was added.

~Jeffrey



