Update 16.x docs regarding ssh's SHA-1 RSA support in the docker image
The following discussion from !7035 (merged) should be addressed:
- @Alexand started a discussion: (+8 comments) Question to Security review and backend maintainer

  I'm unsure whether we should set the default to false or true. Setting it to true means we're reverting the state to what we had before 16.0. Since we didn't deprecate this change properly, and broke the existing behaviour we had, arguably, it makes sense to bring it back.

  On the other hand, one could argue that bringing this to false by default would be reintroducing a security bug that was (unintentionally) fixed on 16.0. Since we also allow certain breaking changes, depending on the impact, when they're due to security fixes, we might want to ship this with the default to false, and consider that introducing this option for the users to pick between true|false is a fair compromise between breaking the original behaviour, but fixing a security bug and introducing a way for users to revert the behaviour.
We should default it to false, and we should add it to https://docs.gitlab.com/omnibus/update/gitlab_16_changes.html that this has been changed.