I expect there to be further discussion along these lines. When a tool can be used for both legal and illegal purposes, how do judge whether the technology is too risky to include?
A policy such as this needs to be balanced with some specific tests concerning likely or forseeable use to put some guidance in place for the packaging community and for future Boards members into the very subjective discretionary space this policy carves out.
This would be easier if the Fedora Board were a legally binding court of law in some jurisdiction. If they were the boards resulting policy statement would help clarify risks. But since they aren't this policy has to be viewed in the light of an ongoing risk-management conversation.