On Thu, Mar 11, 2021 at 03:50:57PM +0100, Daniel Pocock wrote:
>
> On 11/03/2021 12:13, Florian Weimer wrote:
> > * Richard W. M. Jones:
> >
> >> I really hope we don't remove the ability to connect to old servers
> >> (eg. running RHEL 5). At the moment you have to opt-in by setting the
> >> crypto-policy to LEGACY and running update-crypto-policies(8), which
> >> is bearable.
> >
> > In the past (long, long ago), I had to enable Telnet on target devices
> > to work around incompatible cryptography policies. I hope we are not
> > going to return to that.
>
> Giving people an option to use broken crypto on-demand may appear
> reasonable at first glance. In practice, there are sites where people
> turn it on to meet a deadline or end a service outage and then they
> never go back to remove it.

Ideally there would be some ssh option to enable it on the single ssh
command (rather than globally). This would solve the problem you've
outlined there.

The context here is P2V/V2V where we are connecting to old physical
machines and virtualizing them or pulling VMs off them on to modern
systems.

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org