Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30
awilliam at redhat.com
Wed Oct 12 18:27:50 UTC 2011
On Wed, 2011-10-12 at 14:16 -0400, Simo Sorce wrote:
> Storing a public key is not an issue, so the fact I use my key with
> different projects has absolutely no bearing on my exposure, zero,
> zilch. Unless I store my *private* keys on non-personal machines.
I rather suspect this is exactly what happened in some of the
compromises. (Note the other recent FAS security notification, which
specifically told people not to store their private keys on fedorapeople
and said that any found on fedorapeople would be automatically deleted.
I wonder what could *possibly* be the motivation for such a move to
happen. Right at this particular point in history.)
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
More information about the devel