Proposal for action: SSH Key, User Cert and Password Flag Day
seth vidal
skvidal at fedoraproject.org
Mon Sep 12 16:05:21 UTC 2011
On Mon, 2011-09-12 at 12:01 -0400, Adam M. Dutko wrote:
> I think a "security event driven" change policy would be more
> effective than an arbitrary change policy driven by a deadline.
>
> LinuxCode asked me about this in #fedora-noc after I mentioned:
>
> "... there is conflicting evidence (one might call it 'opinion' more
> than evidence) as to whether frequent changes are effective ... just a
> thought"
>
> The article that precipitated this comment was one published by Bruce
> Schneier [0]. Again, this is "yet another opinion."
>
>
I'm not arguing about the efficacy of frequent changes. Nor am I
recommending we do it often. I'm saying right now, here, today, we force
a change.
Not once a month
Not once every 3 months
Not at any fixed schedule.
Not on a boat
Not with a goat.
-sv
More information about the infrastructure
mailing list