hey all...
not sure if this is the appropriate spot to share or not, but was the
closest I could find "security @ fedora"....
while working on a project, I searched for "Fedora" ami images in the
new-ish AWS region us-east-2 ("ohio"), and was pleasantly surprised to find
the easily discoverable and recognizable ami "Fedora release 26
(ami-f3a18096)" (as well as a a "Fedora release 25".....)
upon booting, I was concerned to find an extra ssh authorized key in
~fedora/.ssh/authorized_keys, and soon realized this was _not_ a sanctioned
Fedora release (as confirmed from
https://alt.fedoraproject.org/cloud/).
While yes, this is my fault for not starting from a trusted reference to
find a reliable AMI, I found this a pretty easy pit to fall into.
Don't know if there's a remedy, other than getting real Fedora images into
the frontier AWS regions, but thought that I should share...
--b