Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30
rc040203 at freenet.de
Thu Oct 13 08:59:01 UTC 2011
On 10/12/2011 09:59 PM, Mike McGrath wrote:
> On Wed, 12 Oct 2011, Henrik Nordström wrote:
>> ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath:
>>> Lots of people use and share keys across different projects.
>> There is no security issue in sharing kes across different projects,
>> other than that it gives a strong hint that you are the same person in
>> both projects, much stronger than name or email.
> Sorry I didn't explain it very well.
> 1) People share keys across different projects.
> 2) We've found PRIVATE keys on our servers
> 3) We have no reason to believe private keys that can authenticate to
> Fedora weren't on some of the compromised systems we've heard so much
4) There are indications for keys being shared between indivuals.
More information about the devel