On Mon, 2011-10-10 at 10:40 -0600, Kevin Fenzi wrote:
ok, after folding in changes, I have the following draft. Comments/corrections/etc welcome.
DRAFT-DRAFT-DRAFT
Subject: IMPORTANT: Manditory password and ssh key change by 2011-11-30
^^^^^^^^^ Mandatory.
Summary:
All existing users of the Fedora Account System (FAS) at https://admin.fedoraproject.org/accounts are required to change their password and upload a NEW ssh public key by 2011-11-30. Failure to do so may result in your account being marked inactive.
Backgound and reasoning:
This change event has NOT been triggered by any specific compromise or vulnerability in Fedora Infrastructure. Rather, we believe, due to the large number of high profile sites with security breaches in recent months, that this is a great time for all Fedora contributors and users to review their security settings and move to "best practices" on their machines. Additionally, we are putting in place new rules for passwords to increase their entropy and make them harder to guess.
maybe dump the 'entropy' as some of our users are going to be lost there.
maybe: "Additionally, we are putting in place new rules for passwords to make them harder to guess."
-sv