A quick FAQ: the reason all DSA keys have been removed from fd.o and we aren't accepting any new ones is that they are vulnerable to man-in-the-middle attacks if they have ever been used (not just generated) on a system with a predictable RNG: see Steinar's summary of the maths. We're going with precedent of debian.org rejecting DSA keys, and a general desire to be safe rather than sorry. RSA keys are the default in OpenSSH anyway, so I'm not really sure why you'd want to generate DSA.