Woah, this new article says a lot of weak-Debian keys were found. Does this mean Github had a regression in their blacklisting since 2009? Or maybe they didn't blacklist enough originally?
Actually the facts are not incompatible here. There are two questions: Are weak Debian keys accepted in the web app? Are weak Debian keys accepted by their SSH.
The answers were yes and no. It's the same for most systems right now. You can put a weak Debian key in authorised keys, but you won't be able to login anyway.
The answers were yes and no. It's the same for most systems right now. You can put a weak Debian key in authorised keys, but you won't be able to login anyway.