I'm an Infra n00b, but definitely +1 out of good practice.
On Thu, Sep 29, 2011 at 3:21 PM, Stephen Gallagher sgallagh@redhat.com wrote:
On Thu, 2011-09-29 at 15:16 -0400, seth vidal wrote:
Hi,
I'd like to put a new policy in place which goes something like this:
If you upload your private keys (encrypted or not), we will remove them, then we will remove your public keys from FAS and force you to log in and give a new one in FAS.
We do the last step on the basis that your private key, being on a networked, multi-user machine, is now exposed to the world and potentially compromised. So we can no longer trust it.
Thoughts?
+1
infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure