Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30
simo at redhat.com
Wed Oct 12 17:45:18 UTC 2011
On Wed, 2011-10-12 at 11:41 -0600, Kevin Fenzi wrote:
> On Wed, 12 Oct 2011 13:30:19 -0400
> Jeff Layton <jlayton at redhat.com> wrote:
> > I have a question not covered here: I just changed my ssh key a week
> > or two ago in the wake of the kernel.org compromise...
> > Is my new key sufficient? I really don't want to have to re-distribute
> > my key to all of the various servers again.
> Well, we talked about this some, but we don't have fingerprints from
> several weeks ago to check people against to confirm they uploaded a
> new key.
> Would it be possible for you to just make a new fedora only key?
Can you stop asking useless security theater measures instead ?
My ssh keys are fine and I see no reason to change them for you.
If all projects I participate in were to ask me to change my keys I
would end up with a mess of different keys for absolutely no reason.
I have no problem with changing the password, but leave my ssh keys
alone, unless there is a real reason to ask people to change them.
Simo Sorce * Red Hat, Inc * New York
More information about the devel