Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

seth vidal skvidal at
Wed Oct 12 20:37:24 UTC 2011

On Wed, 2011-10-12 at 22:13 +0200, Tomas Mraz wrote:
> > 
> > You have to remember, lots of our contributors aren't highly technical.
> > Some don't even know what a private key is.  They just follow the docs on
> > the website and get access to contribute.  Not everyone is a packager.
> OK, but then you should not also penalize the people who keep their SSH
> private keys only on safe private computers.

What can we do there? We can't separate out those with good practices
and those without.

And to be completely fair - I know of some interesting cases where very
trusted and competent people who practiced safe security behaviors just
made a mistake they didn't notice.

These are smart, capable people who simply made a mistake.

If you were to speak to them you would say "they have their stuff
together, no way they would make a mistake like this." But they did.

It happens.


