Deprecate support for DSA keys
Overview
DSA keys have been deprecated due to weakness by OpenSSH, and we should wind down our support for these keys.
Approach
Disallow DSA SSH keys by setting the default setting in Visibility and access controls
to disallow these keys (an admin can still override the setting).
@rdavila
OP byFrom @godfat:
@rdavila What do you think if we just drop support for DSA? It's been deprecated and considered unsafe anyway?
Me:
I think that makes sense given OpenSSH has deprecated it but this implies a change in our codebase and also we may need to communicate our users about it. cc: @DouweM
From @DouweM:
@rdavila Hmm, we should definitely have a separate issue to discuss that, so that we can properly time the deprecation etc. I wonder how many keys on GitLab.com that would affect. If you can come up with a query that'll find that information, I can run it on production :)