Comment 7 for bug 1964486

Dan Streetman (ddstreet) wrote :

> Default to SHA256 for key fingerprints.

Typically changes should go upstream first, and it doesn't seem this was patched upstream yet or even an issue opened? And not patched in Debian yet either?

> MD5 is long deprecated, OpenSSH has switched to SHA256.

Is this accurate even for key fingerprints used only in log messages? I didn't think that the hash function really mattered from a security perspective if used only for key fingerprints (this is a hash of the *public* key, right?), and MD5 fingerprints seem fairly common still? Shouldn't this change at least be proposed upstream before making this change in Ubuntu? Making this change only for FIPS would be one thing, but unilaterally changing this for all users might not be appropriate?