Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30
seth vidal
skvidal at fedoraproject.org
Wed Oct 12 20:37:24 UTC 2011
On Wed, 2011-10-12 at 22:13 +0200, Tomas Mraz wrote:
> >
> > You have to remember, lots of our contributors aren't highly technical.
> > Some don't even know what a private key is. They just follow the docs on
> > the website and get access to contribute. Not everyone is a packager.
>
> OK, but then you should not penalize also the people who keep their SSH
> private keys only on safe private computers.
>
What can we do there? We can't separate out those with good practices
and those without.
And to be completely fair - I know of some interesting cases where very
trusted and competent people who practiced safe security behaviors just
made a mistake they didn't notice.
These are smart, capable people who simply made a mistake.
If you were to speak to them you would say "they have their stuff
together, no way they would make a mistake like this" But they did.
It happens.
-sv
More information about the devel
mailing list