<p>On Sep 29, 2011 12:16 PM, "seth vidal" <<a href="mailto:skvidal@fedoraproject.org">skvidal@fedoraproject.org</a>> wrote:<br>
><br>
> Hi,<br>
><br>
> I'd like to put a new policy in place which goes something like this:<br>
><br>
> If you upload your private keys (encrypted or not) we will remove them,<br>
> then we will remove your public keys from FAS and force you to login and<br>
> give a new one in FAS.<br>
><br>
> We do the last step on the basis that your private key, being on a<br>
> networked, multi-user machine is now exposed to the world and<br>
> potentially compromised. So we can no longer trust it.<br>
><br>
> thoughts?<br>
><br>
> Thanks,<br>
> -sv<br>
><br>
><br>
><br>
> _______________________________________________<br>
> infrastructure mailing list<br>
> <a href="mailto:infrastructure@lists.fedoraproject.org">infrastructure@lists.fedoraproject.org</a><br>
> <a href="https://admin.fedoraproject.org/mailman/listinfo/infrastructure">https://admin.fedoraproject.org/mailman/listinfo/infrastructure</a><br>
I'm definitely saying +1. I'm guilty of putting my keys on bastion though, but I deleted them a while back. </p>
<p>Is there a way we can make users not able to write to that file, or have a cron job automatically sweep and delete private keys, as well as notify users that we found a private key, and it was deleted, and their public key in FAS if it was also removed, and that they have to add a new one (maybe even ensure it's different) ?</p>
<p>Darren VanBuren</p>