Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Adam Williamson awilliam at redhat.com
Wed Oct 12 18:27:50 UTC 2011


On Wed, 2011-10-12 at 14:16 -0400, Simo Sorce wrote:

> Storing a public key is not an issue, so the fact I use my key with
> different projects has absolutely no bearing on my exposure, zero,
> zilch. Unless I store my *private* keys on non-personal machines.

I rather suspect this is exactly what happened in some of the
compromises. (Note the other recent FAS security notification, which
specifically told people not to store their private keys on fedorapeople
and said that any found on fedorapeople would be automatically deleted.
I wonder what could *possibly* be the motivation for such a move to
happen. Right at this particular point in history.)
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net



More information about the devel mailing list