What | Removed | Added |
---|---|---|
Status | NEW | RESOLVED |
Resolution | --- | WONTFIX |
That is correct; it was dropped. https://github.com/yast/yast-ca-management https://fate.suse.com/319119 (not public, just as a reference) There was a long discussion about that, but in the end it was still dropped. Key points for the drop request (just enumerating, I was not part of that discussion or of the decision): - Not FIPS compliant, using algorithms that were identified as insecure in the meantime - RSA only, no new key algorithms like DSA or elliptic curve keys - openSSL changes a lot and required constant maintenance in that module - support for new algorithms missing and/or not tested; unsure if sha256 works correctly - maintainer moving on to another position within the company and no replacement maintainer in sight - major rewrite necessary with all the changes going on in that general area It was mentioned in the discussion that migrating to openCA might be an option. I am sorry to be the bearer of this kind of bad news, but for the forseeable future, there will be no real equivalent YaST module. If you consider this important and if you see many users affected, please raise a discussion on openSUSE mailing lists what can be done about it; maybe there are volunteers willing to take this over as an Open Source project or maybe start a new one to fulfill the needs. Or maybe somebody knows an already existing good alternative. But please understand that SUSE as a company made the decision to not spend any more resources on maintaining this in the current state (after many years of doing so), so please refrain from simply reopening this bug.