sshd PermitRootLogin yes, security impact

Hi,

Fedora Final release criterion says:
The release must contain no known security bugs of 'important' or
higher impact according to the Red Hat severity classification scale
which cannot be satisfactorily resolved by a package update (e.g.
issues during installation).

I've discovered this bug from jjelen
https://bugzilla.redhat.com/show_bug.cgi?id=89216

The gist is that Fedora uses a (silently) modified sshd_config from
openssh upstream, which sets `PermitRootLogin yes` instead of the
upstream default of `prohibit-password`, and this sounds like it would
be an important or higher security impact, leaving it set to
yes.

Could someone reply here or in the bug with such an assessment?

Thanks!


-- 
Chris Murphy
_______________________________________________
security mailing list -- security@xxxxxxxxxxxxxxxxxxxxxxx
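
An added example, not part of the original message and not Fedora's or OpenSSH's code: a shell function that reads sshd_config text and reports the global `PermitRootLogin` value, falling back to the upstream default named in the message when the keyword is unset. It assumes Include files are not followed and stops at the first Match block; the function names and sample configs are constructed here.

```shell
#!/bin/sh
# Added example. Reads sshd_config text on stdin, prints the global PermitRootLogin.
# Assumptions: Include files are not followed; parsing stops at the first Match
# block, so conditional overrides are not evaluated.
UPSTREAM_DEFAULT="prohibit-password"   # upstream default, per the message above

effective_permit_root_login() {
    awk -v def="$UPSTREAM_DEFAULT" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next        # blank lines and comments
            n = match(line, /[ \t=]/)                  # keyword ends at space or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))      # keywords are case-insensitive
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            gsub(/"/, "", val)
            split(val, parts, /[ \t]+/)                # keep the first argument only
            if (key == "match") exit                   # global section ends here
            if (key == "permitrootlogin") { found = tolower(parts[1]); got = 1; exit }
        }
        END { print (got ? found : def) }              # first occurrence wins
    '
}

root_login_risk() {
    case "$1" in
        yes) echo "root-login-any-method" ;;
        prohibit-password|without-password) echo "root-login-no-password" ;;
        forced-commands-only) echo "root-key-forced-commands-only" ;;
        no) echo "root-login-disabled" ;;
        *) echo "unknown-value" ;;
    esac
}

# Constructed sample inputs (not Fedora's shipped file).
SAMPLE_MODIFIED='# constructed sample
PermitRootLogin yes
PermitRootLogin no
Match User backup
    PermitRootLogin forced-commands-only'
SAMPLE_UNSET='#PermitRootLogin prohibit-password
PasswordAuthentication yes'

for cfg in "$SAMPLE_MODIFIED" "$SAMPLE_UNSET"; do
    v=$(printf '%s\n' "$cfg" | effective_permit_root_login)
    echo "PermitRootLogin=$v -> $(root_login_risk "$v")"
done
```

On a live host, `sshd -T` prints the effective configuration as the daemon itself resolves it.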