Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Bernd Stramm bernd.stramm at
Wed Oct 12 23:20:54 UTC 2011

On Wed, 12 Oct 2011 16:40:07 -0400
seth vidal <skvidal at> wrote:

> On Wed, 2011-10-12 at 22:34 +0200, Tomas Mraz wrote:
> > Unnecessary work is kind of punishment.
> > 
> > BTW what prevents the people who do not care about their SSH
> > private key security to upload their new SSH key to a compromised
> > system immediately after their generate it again?
> Nothing prevents them from doing it. But this action, here, today, is
> trying to stave off risk from PAST compromises of others systems. It
> is not trying to stave off FUTURE compromises.
> It's like changing your house locks if you lose your keys. Nothing
> keeps you from losing your keys again - but you're completely certain
> that the old keys are useless now.

I for one am fairly certain that the folks who left their private keys 
on public systems will do that again, fairly quickly. I am also fairly
certain that they are not following this debate.

Bernd Stramm
bernd.stramm at

More information about the devel mailing list