Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Simo Sorce simo at redhat.com
Wed Oct 12 17:45:18 UTC 2011


On Wed, 2011-10-12 at 11:41 -0600, Kevin Fenzi wrote:
> On Wed, 12 Oct 2011 13:30:19 -0400
> Jeff Layton <jlayton at redhat.com> wrote:
> 
> > I have a question not covered here: I just changed my ssh key a week
> > or two ago in the wake of the kernel.org compromise...
> > 
> > Is my new key sufficient? I really don't want to have to re-distribute
> > my key to all of the various servers again.
> 
> Well, we talked about this some, but we don't have fingerprints from
> several weeks ago to check people against to confirm they uploaded a
> new key. 
> 
> Would it be possible for you to just make a new Fedora-only key?

Can you stop asking for useless security theater measures instead?

My ssh keys are fine and I see no reason to change them for you.
If all projects I participate in were to ask me to change my keys I
would end up with a mess of different keys for absolutely no reason.

I have no problem with changing the password, but leave my ssh keys
alone, unless there is a real reason to ask people to change them.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York


