On Wed, 2011-10-12 at 13:45 -0400, Simo Sorce wrote: > I have no problem with changing the password, but leave my ssh keys > alone, unless there is a real reason to ask people to change them.
Reading between the lines of recent attacks, it seems likely that private keys compromised in some of the attacks were used to perform others. (No-one's come out and officially said this yet but it seems pretty obvious from the subtext of some of the reports; I'm thinking kernel.org / linux.com, for e.g.) It doesn't seem at all unlikely that some people may have used the same identities on some of the other compromised systems as they are using on FAS, and hence it seems pretty reasonable to require this change. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
