On 2025-10-25 00:49:30 +0300 (+0300), Maksim Malchuk wrote: [...]
OpenSSH 10 is a great solution, but the question is how to deal with current OSes?
For example Ubuntu 24.04 (current LTS) still uses OpenSSH 9.6, but MLKEM support was added only in the OpenSSH 9.9. Should we use backports? or wait for 25.04 support in deployment tools and do an upgrade? [...]
This sounds like a great question for your operating system vendor. I don't think the OpenStack community can solve that problem for you (nor should we try to). Being flexible and adaptive to the ever-changing security landscape is something we should aspire to regardless, and doesn't require a quantum boogeyman to make it so. We can work on keeping OpenStack secure, and let the people who make operating systems work on keeping those secure, whether it's from quantum key factoring at some point in the (impossible to predict) future, or the very many actual real-world threats we all face today. -- Jeremy Stanley