Hi Colin, On 1/26/25 16:21, Colin Watson wrote: > 3072-bit RSA seems like a fine default at the moment, > and I expect that Debian will follow future changes made upstream.
while I fully agree and don't think that the debian package should divert from upstream here, as an admin I do use different defaults for systems I maintain. >From a config management point of view, this is very cumbersome as the postinst do re-create missing things/fallback to upstream defaults. To make it nicer for admins to locally deviate from the defaults.. how about internal preseed option(s) not shown to the user to select host-keys to be generated? Would you accept patches for this? Regards, Daniel
