Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Henrik Nordström henrik at
Wed Oct 12 18:19:27 UTC 2011

The password change is understandable, but why force an SSH key change
with such short notice?

And what if the SSH key is a hard token (smartcard) which can not be
copied or trivially changed? Switching to a soft key would be mostly
counter-productive from a security point of view. Now I were not
currently using my hard token smartcard key for Fedora for other reasons
but I would had been quite annoyed by this change requirement if I were.

And why is so much of the Fedora inftrastructure relying on plain text
password exchanges (within SSL, but still plain text at the Fedora
servers) when there is both HTTP digest authentication (no plaintext
seen by Fedora servers) and SSL certificates and SSH keys which all
three serves a much better identification method?

And you forgot the one most important DON'T in the list. Never use the
same password for two different systems. Do not use the same password
for Fedora account as you use for Hotmal / GMail / At Work / Facebook /

But even then, the security of Fedora accounts is no stronger than the
security of the email associated with an account. Quite pointless to try
to bolster the security very high when all that is needed to take over a
standard Fedora account is to have access to the email (account or
traffic) of the Fedora account. Sure, a full account takeover is more
likely to get noticed than a stolen password, but it still sets the
level of expected security.


More information about the devel mailing list