We want to - drop a downstream-only patch to ssh permitting group-readable ssh host keys - drop a ssh_keys group - restore suid bit instead of sgid on a helper utility ssh-keysign
Owners, do not implement this work until the FESCo vote has explicitly ended. The Fedora Program Manager will create a tracking bug in Bugzilla for this Change, which is your indication to proceed. See the FESCo ticket policy and the Changes policy for more information.
+1
It seems like this may briefly annoy some users, will significantly help some users, and will be totally irrelevant to the overwhelming majority of users. Given that, I think reducing divergence from upstream is absolutely the right thing to do, and it looks like adequate plans are in place to deal with any consequences to ansible/puppet/etc.
APPROVED (+4, 0, -0)
Metadata Update from @churchyard: - Issue tagged with: pending announcement
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/RNJZUX3ZI34DIX6E4PVDKYQWCOFDQ4UY/
Metadata Update from @churchyard: - Issue close_status updated to: Accepted - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.