Hello, On Wed 19 Mar 2025 at 12:25am +01, Simon Josefsson wrote:
> Sean Whitton <spwhit...@spwhitton.name> writes: > >> That should be enough! If you were able to do at least one upload using >> 'dgit push-source' for each package to confirm everything is okay, that >> would be great. > > I'll try. I got a SSH push warning on first use -- how would I verify > this host SSH key? What's the risk uploaders getting MITM'ed here? > > The authenticity of host 'push.dgit.debian.org (2001:41b8:202:deb::311:78)' > can't be established. > ED25519 key fingerprint is SHA256:O4i2PPFELuj49wYZSwLt+a2r356sB19KMCFhrUKkYiM. > This key is not known by any other names. > Are you sure you want to continue connecting (yes/no/[fingerprint])? I would suggest grabbing /etc/ssh/known_hosts from a Debian host for which you already have the host key cached. -- Sean Whitton
