Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Ralf Corsepius rc040203 at freenet.de
Thu Oct 13 08:59:01 UTC 2011


On 10/12/2011 09:59 PM, Mike McGrath wrote:
> On Wed, 12 Oct 2011, Henrik Nordström wrote:
>
>> ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath:
>>
>>> Lots of people use and share keys across different projects.
>>
>> There is no security issue in sharing kes across different projects,
>> other than that it gives a strong hint that you are the same person in
>> both projects, much stronger than name or email.
>>
>
> Sorry I didn't explain it very well.
>
> 1) People share keys across different projects.
> 2) We've found PRIVATE keys on our servers
> 3) We have no reason to believe private keys that can authenticate to
> Fedora weren't on some of the compromised systems we've heard so much
> about.

4) There are indications for keys being shared between indivuals.

Ralf


More information about the devel mailing list