invent.kde.org key exchange
Tobias Leupold
tl at stonemx.de
Mon Dec 15 13:35:36 GMT 2025
E-Mail von Sune Vuorela vom Montag, 15. Dezember 2025, 13:55:
> On 2025-12-15, Tobias Leupold <tl at stonemx.de> wrote:
> > as of recently, I get the following warning when communicating with
> > invent.kde.org:
> >
> > $ git pull
> > ** WARNING: connection is not using a post-quantum key exchange
> > algorithm.
> > ** This session may be vulnerable to "store now, decrypt later"
> > attacks.
> > ** The server may need to be upgraded. See https://openssh.com/pq.html
> >
> > Should we do something about this?
>
> We should probably at some point, but luckily we don't really do secret
> things on invent.
Well, that's the "I have nothing to hide" attitude that makes people use
WhatsApp ...
> Also, https://kawaiicon.org/talks/quantum-cryptanalysis/ and
> http://www.cs.auckland.ac.nz/~pgut001/pubs/bollocks.pdf
A critical reader might consider this a rant ;-)
> /Sune
No hard feelings, I just thought the OpenSSH guys probably know what they're
talking about. Also, I don't get such a warning when connecting to the other
servers I use, so I simply wondered what's up here and why.
More information about the kde-devel
mailing list