Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Jon Ciesla limb at
Wed Oct 12 18:06:33 UTC 2011

> On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote:
>> On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote:
>> > On 12 October 2011 17:44, Kevin Fenzi <kevin at> wrote:
>> > > All existing users of the Fedora Account System (FAS) at
>> > > are required to change
>> their
>> > > password and upload a NEW ssh public key before 2011-11-30.
>> >
>> > I have to upload a *new* public key? Why should I have two sets of
>> keys?
>> Meant 'replacement'. You can only have one key in FAS, afaict.
> You can have more than one. Just paste them in place all together.
> And we're verifying key changes by checking the fingerprint of the
> pubkeys vs your prior ones.

It's really not a huge hassle.  I've already done it.  I configured the
.ssh/config files where I needed to, and it doesn't conflict with any
other keys I have.  I don't get what the big deal is.  The disruption is,
like, five minutes of work.  The potential benefit is unknown, but
certainly not zero.

Why wait for a breach to do this?   This is a perfect time.  Doing it
after the 2008 breach was wise.  This is better.


> -sv
> --
> devel mailing list
> devel at

in your fear, seek only peace
in your fear, seek only love

-d. bowie

More information about the devel mailing list