#2919 Change: Restore stricter SSH hostkeys permissions
Closed: Accepted a year ago by churchyard. Opened 2 years ago by bcotton.

We want to - drop a downstream-only patch to ssh permitting group-readable ssh host keys - drop a ssh_keys group - restore suid bit instead of sgid on a helper utility ssh-keysign

Owners, do not implement this work until the FESCo vote has explicitly ended.
The Fedora Program Manager will create a tracking bug in Bugzilla for this Change, which is your indication to proceed.
See the FESCo ticket policy and the Changes policy for more information.


It seems like this may briefly annoy some users, will significantly help some users, and will be totally irrelevant to the overwhelming majority of users. Given that, I think reducing divergence from upstream is absolutely the right thing to do, and it looks like adequate plans are in place to deal with any consequences to ansible/puppet/etc.

+1

Metadata Update from @churchyard:
- Issue tagged with: pending announcement

a year ago

Metadata Update from @churchyard:
- Issue close_status updated to: Accepted
- Issue status updated to: Closed (was: Open)

a year ago

Log in to comment on this ticket.

Metadata