On Tue, May 31, 2022 at 12:28 PM Vitaly Zaitsev via devel <devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > On 31/05/2022 10:21, Petr Pisar wrote: > > Not in current F37 FUTURE policy the user tested. > > Yes. If the new F37 cryptographic policy considers RSA-2048 to be weak, > it should be reverted. The actual proposal is in the OP. Not only there's no such thing as "new F37 policy" happening, the F39 DEFAULT does allow RSA-2048, and this is spelled out upfront in the proposal text in the OP. RSA-3072 is only the minimum for the opt-in FUTURE policy, which has been the case since at least F28. > Many servers still use RSA-2048 (the default in Let's Encrypt). And that's why it is going to be accepted in DEFAULT even in F39+. Please tone down the FUD, your signal/noise ratio has been record low over the last few weeks, with statements being technically true and most of the time agreeable, yet inexplicably resulting in a net negative benefit to the discussion. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
