On 10/12/2011 09:59 PM, Mike McGrath wrote:
On Wed, 12 Oct 2011, Henrik Nordström wrote:
> ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath:
>
>> Lots of people use and share keys across different projects.
>
> There is no security issue in sharing kes across different projects,
> other than that it gives a strong hint that you are the same person in
> both projects, much stronger than name or email.
>
Sorry I didn't explain it very well.
1) People share keys across different projects.
2) We've found PRIVATE keys on our servers
3) We have no reason to believe private keys that can authenticate to
Fedora weren't on some of the compromised systems we've heard so much
about.
4) There are indications for keys being shared between indivuals.
Ralf