How long will the temporary brownout last? #24033
-
Today there was a temporary brownout process ongoing for SHA-1 RSA keys thus making it impossible for me to use GitHub on some platforms. However, that does not apply to every repository only to some of them. Is there any approximate time or date when this brownout process will stop? |
Beta Was this translation helpful? Give feedback.
Replies: 7 comments
-
Why don’t you just create a new key and add it to your account? The idea of a brownout is to help users identify systems that need to be updated. You’ve identified things, start updating them. Eventually your SHA-1 keys will not work at all.
Improving Git protocol security on GitHub | The GitHub BlogWe’re changing which keys are supported in SSH and removing unencrypted Git protocol. If you’re an SSH user, read on for the details and timeline. Est. reading time: 6 minutes |
Beta Was this translation helpful? Give feedback.
-
Read the article already and I understand what the solution is but the platform which I use has yet to support SHA-2. A brownout helps users identify systems that need to be updated but doesn’t mean it’s the final removal/deprecation. That will happen on March 15th. A brownout doesn’t mean SHA-1 keys aren’t supposed to work anymore, it is supposed to be the case for March 15th |
Beta Was this translation helpful? Give feedback.
-
What platform are you on that doesn’t support SHA-2? If you’re using RHEL6 (or older), you can probably package a newer version of openssh yourself and install that… |
Beta Was this translation helpful? Give feedback.
-
A SaaS deployment tool |
Beta Was this translation helpful? Give feedback.
-
I’d expect 24 hours. I hope you’ve already:
|
Beta Was this translation helpful? Give feedback.
-
Thank you for your insight, yes migration is always an option but not something that can be done immediately. |
Beta Was this translation helpful? Give feedback.
-
Hi @egzon-korenica ! I’m not sure if there is even a predefined set time for the duration of a brownout, but @jsoref is definitely right. These brownouts are a warning to migrate as soon as possible to a better alternative. If your SaaS provider can’t get this right straight away, I’d reconsider doing business with them. Good luck with fixing it! |
Beta Was this translation helpful? Give feedback.
Why don’t you just create a new key and add it to your account?
The idea of a brownout is to help users identify systems that need to be updated. You’ve identified things, start updating them.
Eventually your SHA-1 keys will not work at all.
Improving Git protocol security on GitHub | The GitHub Blog
We’re changing which keys are supported in SSH and removing unencrypted Git protocol. If you’re an SSH user, read on for the details and timeline.
Est. reading time: 6 minutes