Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Adam Williamson awilliam at
Wed Oct 12 19:20:09 UTC 2011

On Wed, 2011-10-12 at 21:07 +0200, Henrik Nordström wrote:
> ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath:
> > Lots of people use and share keys across different projects.
> There is no security issue in sharing kes across different projects,

Sure there is. There's the exact same problem as using the same password
across multiple projects: if someone compromises the key they have
compromised all of those projects. If you use a different key for each
project, an attacker can only compromise one project with any given key.
Sure, ssh keys are much harder to compromise than passwords, but
_assuming a compromise has happened_ the consequences of using a single
key for everything are just as bad as using a single password for
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | adamwfedora

More information about the devel mailing list