http://bugzilla.suse.com/show_bug.cgi?id=1092496
http://bugzilla.suse.com/show_bug.cgi?id=1092496#c1
Stefan Hundhammer changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
--- Comment #1 from Stefan Hundhammer ---
That is correct; it was dropped.
https://github.com/yast/yast-ca-management
https://fate.suse.com/319119 (not public, just as a reference)
There was a long discussion about that, but in the end it was still dropped.
Key points for the drop request (just enumerating, I was not part of that
discussion or of the decision):
- Not FIPS compliant, using algorithms that were identified as insecure in the
meantime
- RSA only, no new key algorithms like DSA or elliptic curve keys
- openSSL changes a lot and required constant maintenance in that module
- support for new algorithms missing and/or not tested; unsure if sha256 works
correctly
- maintainer moving on to another position within the company and no
replacement maintainer in sight
- major rewrite necessary with all the changes going on in that general area
It was mentioned in the discussion that migrating to openCA might be an option.
I am sorry to be the bearer of this kind of bad news, but for the forseeable
future, there will be no real equivalent YaST module.
If you consider this important and if you see many users affected, please raise
a discussion on openSUSE mailing lists what can be done about it; maybe there
are volunteers willing to take this over as an Open Source project or maybe
start a new one to fulfill the needs. Or maybe somebody knows an already
existing good alternative.
But please understand that SUSE as a company made the decision to not spend any
more resources on maintaining this in the current state (after many years of
doing so), so please refrain from simply reopening this bug.
--
You are receiving this mail because:
You are on the CC list for the bug.