#2342 FAS prohibit SSH DSA keys
Closed: Fixed None Opened 13 years ago by fraggle.

= phenomenon =

I can't use my SSH DSA key because FAS does not allow them.

= reason =

I see no good reason to simply prohibit SSH DSA keys; the Debian fiasco can be handled via a proper blacklist. I do not plan to change my SSH DSA key pair because of it, just to be able to participate in Fedora. See for example
http://digitaloffense.net/tools/debian-openssl/

Enforce key length, blacklisted keys, etc. security policies but pretty please, do not trash all DSA SSH key pairs.

= recommendation =

See below.


Hi, sorry this ticket got lost. We're not forcing you to change your current DSA key pair - it's very easy to generate a different pair and use it just for Fedora things (I already do this to avoid having one compromised private key give access to everything).

Given how painless and nondisruptive it is to generate and use a new key, we decided that it wouldn't be worth adding a blacklist.
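
The two policies discussed in this ticket, refusing DSA outright versus enforcing key length plus a blocklist, can be compared in a small upload-time check. This Python is an added example, not part of the ticket and not FAS code; the function names, the 2048-bit minimum and the constructed sample keys are assumptions.

```python
import base64
import hashlib
import struct

MIN_RSA_BITS = 2048            # assumed policy value, not taken from the ticket
REJECTED_TYPES = {"ssh-dss"}   # DSA, the key type the ticket says is refused


def read_string(blob, pos):
    """Read one RFC 4251 string: 4-byte big-endian length, then the bytes."""
    if pos + 4 > len(blob):
        raise ValueError("truncated key blob")
    end = pos + 4 + struct.unpack(">I", blob[pos:pos + 4])[0]
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[pos + 4:end], end


def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a decoded key blob."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def check_public_key(line, blocklist=frozenset()):
    """Return (accepted, reason) for one 'type base64 [comment]' key line."""
    fields = line.split()
    try:
        blob = base64.b64decode(fields[1], validate=True)
        name, pos = read_string(blob, 0)
        if name.decode("ascii", "replace") != fields[0]:
            return False, "type label does not match key blob"
        if fields[0] in REJECTED_TYPES:
            return False, "DSA keys are not accepted"
        if fingerprint(blob) in blocklist:
            return False, "key is on the blocklist"
        if fields[0] == "ssh-rsa":
            _exponent, pos = read_string(blob, pos)
            modulus, _ = read_string(blob, pos)
            bits = int.from_bytes(modulus, "big").bit_length()
            if bits < MIN_RSA_BITS:
                return False, f"RSA modulus is {bits} bits, below {MIN_RSA_BITS}"
    except (IndexError, ValueError):  # binascii.Error is a ValueError
        return False, "malformed key line"
    return True, "ok"


def sample_line(key_type, *parts):
    """Build a constructed (non-functional) key line for demonstration."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (key_type.encode(),) + parts)
    return key_type + " " + base64.b64encode(blob).decode() + " constructed@example"
```

The type is read from the decoded blob rather than trusted from the text label, so a DSA key relabelled as `ssh-rsa` is still rejected.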
