On Fri, Aug 22, 2008 at 9:35 AM, David Nalley <david.nalley@xxxxxxxxxxxxxxxxx> wrote:
> On Fri, Aug 22, 2008 at 9:29 AM, Rahul Sundaram
> <sundaram@xxxxxxxxxxxxxxxxx> wrote:
>> Jeffrey Tadlock wrote:
>>
>>> I would agree with removing the speculation and guesses, including
>>> removing the Debian thing. The DSA vs. RSA bit has some relevance as
>>> Fedora Contributors are needing to re-upload their SSH keys to FAS and
>>> DSA keys are no longer accepted to my knowledge.
>>
>> Yes, however this happened sometime *before* the incident.
>
> RSA-only has been stated policy - but I don't think it was actually
> enforced until they brought FAS back up.

Yes, that is correct. The How-To page used to show creating the ssh key
as a DSA key. Then the Debian thing happened and the wiki page was
changed to show creating RSA keys. The infrastructure team scanned the
servers for vulnerable DSA keys, but did not force the removal of DSA
keys shortly after the Debian issue. It was during the FAS rebuild over
the past week that actual enforcement of no DSA keys was added.

~Jeffrey

_______________________________________________
Fedora-news-list mailing list
Fedora-news-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-news-list