Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Nicu Buculei
On 10/12/2011 07:44 PM, Kevin Fenzi wrote: > > Q&A: > > > Q: I never uploaded a ssh key to the Fedora Account System, nor am I > in a group that needs one, do I still have to upload a new one? > > A: No. If you don't have a ssh public key uploaded or desire to do so, > you can just change your pass

[Test-Announce] Fedora Packager for Eclipse Test Day tomorrow (2011-10-13)

2011-10-12 Thread Adam Williamson
Hey, everyone. It's that time again - there's a Test Day coming up tomorrow. This one's of particular interest to you devel list readers, so prick up your ears! https://fedoraproject.org/wiki/Test_Day:2011-10-13_Fedora_Packager_for_Eclipse The topic is the Fedora Packager for Eclipse plugin, whic

Re: RPM DB corruption with F-16 Beta

2011-10-12 Thread Bojan Smojver
On Thu, 2011-10-13 at 11:44 +1100, Bojan Smojver wrote: > Interestingly, the IGP 340M (RS200) ATI graphics hardware is still not > supported for 3D stuff. Just FYI. Even more interestingly, dmesg and Xorg.0.log contain all the right things and yet, mutter won't start. I guess being in Intel graphi

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Kevin Fenzi
On Wed, 12 Oct 2011 20:23:55 -0400 Orcan Ogetbil wrote: > On Wed, Oct 12, 2011 at 12:44 PM, Kevin Fenzi wrote: > > > > New Password Rules: > ... > > * No maximum length. > > > > I thought about this for a while. Is this ever possible? What kind of > storage do we use? Yeah, in practice there's

Re: HAL depreciated, but what replaced it?

2011-10-12 Thread Dan Williams
On Wed, 2011-10-12 at 19:44 -0500, Richard Shaw wrote: > I'm the maintainer of a (relatively) simple python utility called > discspan[1] which I'd like to package for Fedora. > > It currently relies on HAL via dbus to determine when media is loaded > and its capacity. I'm trying to remove the depe

HAL depreciated, but what replaced it?

2011-10-12 Thread Richard Shaw
I'm the maintainer of a (relatively) simple python utility called discspan[1] which I'd like to package for Fedora. It currently relies on HAL via dbus to determine when media is loaded and its capacity. I'm trying to remove the dependency on HAL since it's been depreciated for some time but the d

Re: RPM DB corruption with F-16 Beta

2011-10-12 Thread Bojan Smojver
On Thu, 2011-10-13 at 09:30 +1100, Bojan Smojver wrote: > HP Pavilion ZE4201 Interestingly, the IGP 340M (RS200) ATI graphics hardware is still not supported for 3D stuff. Just FYI. -- Bojan -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/de

Re: RPM DB corruption with F-16 Beta

2011-10-12 Thread Bojan Smojver
On Thu, 2011-10-13 at 11:15 +1100, Bojan Smojver wrote: > Let's see whether this is something that can be replicated. When the installation finished and I pressed the reboot button, a message flashed briefly at the bottom of the screen. Something like: RPM database cannot be opened. So, it looked

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Chris Adams
Once upon a time, Orcan Ogetbil said: > On Wed, Oct 12, 2011 at 12:44 PM, Kevin Fenzi wrote: > > New Password Rules: > ... > > * No maximum length. > > I thought about this for a while. Is this ever possible? What kind of > storage do we use? Yeah, I saw that too. A literal "no maximum length"

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Orcan Ogetbil
On Wed, Oct 12, 2011 at 12:44 PM, Kevin Fenzi wrote: > > New Password Rules: ... > * No maximum length. > I thought about this for a while. Is this ever possible? What kind of storage do we use? Orcan

Re: RPM DB corruption with F-16 Beta

2011-10-12 Thread Bojan Smojver
On Thu, 2011-10-13 at 09:30 +1100, Bojan Smojver wrote: > Installed F-16 Beta i686 onto it with no trouble whatsoever. Installing again, this time I picked the updates repository as well. Let's see whether this is something that can be replicated. -- Bojan

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Nathanael D. Noblet
On 10/12/2011 10:44 AM, Kevin Fenzi wrote: > Q: How do I generate a new ssh key? How do I use it for just Fedora > hosts? > > A: See http://fedoraproject.org/wiki/Cryptography and use a > ~/.ssh/config file to match fedoraproject.org hosts for that key. So just a message to say, thanks for the ins

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Kevin Fenzi
On Wed, 12 Oct 2011 19:20:54 -0400 Bernd Stramm wrote: > I for one am fairly certain that the folks who left their private > keys on public systems will do that again, fairly quickly. I'm not so sure. I hope some of them will take a minute to read and follow best practices. > I am also > fair

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Bernd Stramm
On Wed, 12 Oct 2011 16:40:07 -0400 seth vidal wrote: > On Wed, 2011-10-12 at 22:34 +0200, Tomas Mraz wrote: > > Unnecessary work is kind of punishment. > > > > BTW what prevents the people who do not care about their SSH > > private key security to upload their new SSH key to a compromised > > s

Re: RPM DB corruption with F-16 Beta

2011-10-12 Thread Bojan Smojver
John Reiser bitwagon.com> writes: > > I resurrected an old notebook (HP Pavilion ZE4201) to test some stuff > > under relatively low memory conditions (768 MB on the box). > > This can be simulated on any larger machine by appending " mem=768m" > (note all lower case) to the end of the kernel bo

Re: RPM DB corruption with F-16 Beta

2011-10-12 Thread John Reiser
> I resurrected an old notebook (HP Pavilion ZE4201) to test some stuff > under relatively low memory conditions (768 MB on the box). This can be simulated on any larger machine by appending " mem=768m" (note all lower case) to the end of the kernel boot command line.

Re: Firefox on Fedora: No longer funny

2011-10-12 Thread Tomas Mraz
On Thu, 2011-10-13 at 00:04 +0200, Henrik Nordström wrote: > ons 2011-10-12 klockan 21:41 +0200 skrev Thomas Spura: > > > I set them often to 1, but don't want to upkarma my own update because > > it feels like cheating... > > > > Especially updates, that fix a broken package, are an examples, t

Re: VerifyHostKeyDNS, was Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Tomas Mraz
On Wed, 2011-10-12 at 18:17 -0400, Paul Wouters wrote: > On Wed, 12 Oct 2011, Tomas Mraz wrote: > > > Except nobody says or said that DNS without DNSSEC leads to the > > automatic connection with such setting. > > I answered that multiple times, including today with a vast amount of screen > pa

Re: TFTP not working on F15 as well as updated F14

2011-10-12 Thread Aaron Gray
On 12 October 2011 19:30, Tom Callaway wrote: > Okay. Your configurations are the default configs (with the notable > exception of enabling the xinetd.d/tftp service). > > On my x86_64 laptop running Fedora 16, with iptables reasonably normal, > I installed "tftp" and "tftp-server", and changed "

RPM DB corruption with F-16 Beta

2011-10-12 Thread Bojan Smojver
This is probably not worthy of a bug report, but may still be useful to confirm a problem that someone else may have experienced. I resurrected an old notebook (HP Pavilion ZE4201) to test some stuff under relatively low memory conditions (768 MB on the box). Installed F-16 Beta i686 onto it with

Re: VerifyHostKeyDNS, was Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Paul Wouters
On Wed, 12 Oct 2011, Tomas Mraz wrote: > Except nobody says or said that DNS without DNSSEC leads to the > automatic connection with such setting. I answered that multiple times, including today with a vast amount of screen pasting into https://bugzilla.redhat.com/show_bug.cgi?id=180277 to show

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 16:27 -0400, Simo Sorce wrote: > Sorry Adam but this is BS, if your laptop is stolen you MUST replace all > your keys anyways because you cannot count on them not being > compromised, period. So this complex scenario is just mirrors and smoke. It's an example of a situation

Re: Firefox on Fedora: No longer funny

2011-10-12 Thread Henrik Nordström
ons 2011-10-12 klockan 21:41 +0200 skrev Thomas Spura: > I set them often to 1, but don't want to upkarma my own update because > it feels like cheating... > > Especially updates, that fix a broken package, are an examples, that the > current path (with forcing updates in updates-testing) taken i

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Tomas Mraz
On Wed, 2011-10-12 at 17:41 -0400, Sam Varshavchik wrote: > Kevin Fenzi writes: > > > New Password Rules: > > > > * Nine or more characters with lower and upper case letters, digits and > > punctuation marks. > > * Ten or more characters with lower and upper case letters and digits. > > * Twelv

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Henrik Nordström
ons 2011-10-12 klockan 15:15 -0500 skrev Jon Ciesla: > Well, no, actually it just means you just need to use a different key for > Fedora. There's no reason you can't keep using that key everywhere else > you're using it. Sure I could buy another token just for fedora, just don't see what it wou

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Sven Lankes
On Wed, Oct 12, 2011 at 05:41:33PM -0400, Sam Varshavchik wrote: > Guess how many people will have their password set to > "abcdefghijklmnopqrstuvwxyz". > It meets the new criteria. And is much better than "abcdefgh" which was their old pwd. -- sven === jabber/xmpp: s...@lankes.net

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Henrik Nordström
ons 2011-10-12 klockan 14:59 -0500 skrev Mike McGrath: > 1) People share keys across different projects. Yes. > 2) We've found PRIVATE keys on our servers Which should lead to immediate account suspension, no matter if that key is the Fedora key or some other key. And in reality it's not relat

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Sam Varshavchik
Kevin Fenzi writes: New Password Rules: * Nine or more characters with lower and upper case letters, digits and punctuation marks. * Ten or more characters with lower and upper case letters and digits. * Twelve or more characters with lower case letters and digits * Twenty or more characters

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Tomas Mraz
On Wed, 2011-10-12 at 22:50 +0200, Pierre-Yves Chibon wrote: > On Wed, 2011-10-12 at 16:27 -0400, Simo Sorce wrote: > > On Wed, 2011-10-12 at 12:55 -0700, Adam Williamson wrote: > > > On Wed, 2011-10-12 at 21:45 +0200, Tomas Mraz wrote: > > > > > > > That's a nonsense. Simply said. If I have a pr

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Pierre-Yves Chibon
On Wed, 2011-10-12 at 16:27 -0400, Simo Sorce wrote: > On Wed, 2011-10-12 at 12:55 -0700, Adam Williamson wrote: > > On Wed, 2011-10-12 at 21:45 +0200, Tomas Mraz wrote: > > > > > That's a nonsense. Simply said. If I have a properly generated random > > > ssh private key with a strong passphrase t

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread seth vidal
On Wed, 2011-10-12 at 22:34 +0200, Tomas Mraz wrote: > Unnecessary work is kind of punishment. > > BTW what prevents the people who do not care about their SSH private key > security to upload their new SSH key to a compromised system immediately > after they generate it again? Nothing prevents

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread seth vidal
On Wed, 2011-10-12 at 22:13 +0200, Tomas Mraz wrote: > > > > You have to remember, lots of our contributors aren't highly technical. > > Some don't even know what a private key is. They just follow the docs on > > the website and get access to contribute. Not everyone is a packager. > > OK, but

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Tomas Mraz
On Wed, 2011-10-12 at 15:22 -0500, Mike McGrath wrote: > On Wed, 12 Oct 2011, Tomas Mraz wrote: > > > On Wed, 2011-10-12 at 14:59 -0500, Mike McGrath wrote: > > > On Wed, 12 Oct 2011, Henrik Nordström wrote: > > > > > > > ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath: > > > > > > > > > Lo

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Toshio Kuratomi
On Wed, Oct 12, 2011 at 08:19:27PM +0200, Henrik Nordström wrote: > > And why is so much of the Fedora infrastructure relying on plain text > password exchanges (within SSL, but still plain text at the Fedora > servers) when there is both HTTP digest authentication (no plaintext > seen by Fedora

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Simo Sorce
On Wed, 2011-10-12 at 14:18 -0600, Kevin Fenzi wrote: > On Wed, 12 Oct 2011 22:13:11 +0200 > Tomas Mraz wrote: > > > > > OK, but then you should not penalize also the people who keep their > > SSH private keys only on safe private computers. > > We're sorry if it's causing you inconvenience. We

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Simo Sorce
On Wed, 2011-10-12 at 12:55 -0700, Adam Williamson wrote: > On Wed, 2011-10-12 at 21:45 +0200, Tomas Mraz wrote: > > > That's a nonsense. Simply said. If I have a properly generated random > > ssh private key with a strong passphrase that I never put outside of my > > workstations and safe backup

[Bug 745337] amavisd doesn't start in fc15

2011-10-12 Thread bugzilla
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=745337 Steven Pritchard changed: What|Removed |Added --

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Simo Sorce
On Wed, 2011-10-12 at 13:49 -0600, Kevin Fenzi wrote: > On Wed, 12 Oct 2011 20:19:27 +0200 > Henrik Nordström wrote: > > > The password change is understandable, but why force an SSH key change > > with such short notice? > > Short? 1.5 months? > > How long would you like? > > > And what if t

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Mike McGrath
On Wed, 12 Oct 2011, Tomas Mraz wrote: > On Wed, 2011-10-12 at 14:59 -0500, Mike McGrath wrote: > > On Wed, 12 Oct 2011, Henrik Nordström wrote: > > > > > ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath: > > > > > > > Lots of people use and share keys across different projects. > > > > > > T

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Simo Sorce
On Wed, 2011-10-12 at 12:48 -0700, Adam Williamson wrote: > On Wed, 2011-10-12 at 21:38 +0200, Henrik Nordström wrote: > > ons 2011-10-12 klockan 12:20 -0700 skrev Adam Williamson: > > > > > Sure there is. There's the exact same problem as using the same password > > > across multiple projects: if

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Kevin Fenzi
On Wed, 12 Oct 2011 22:13:11 +0200 Tomas Mraz wrote: > > OK, but then you should not penalize also the people who keep their > SSH private keys only on safe private computers. We're sorry if it's causing you inconvenience. We have no way at all to tell apart the groups of people who understand

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Jon Ciesla
> ons 2011-10-12 klockan 13:49 -0600 skrev Kevin Fenzi: > >> If you can't change your token, then I would posit you have a problem. >> What if you KNEW your private key was compromised? Surely there is a >> way to generate a new one... > > I can change it, but it means changing it for all systems I

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Tomas Mraz
On Wed, 2011-10-12 at 14:59 -0500, Mike McGrath wrote: > On Wed, 12 Oct 2011, Henrik Nordström wrote: > > > ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath: > > > > > Lots of people use and share keys across different projects. > > > > There is no security issue in sharing keys across differ

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Henrik Nordström
ons 2011-10-12 klockan 13:49 -0600 skrev Kevin Fenzi: > If you can't change your token, then I would posit you have a problem. > What if you KNEW your private key was compromised? Surely there is a > way to generate a new one... I can change it, but it means changing it for all systems I access u

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Mike McGrath
On Wed, 12 Oct 2011, Henrik Nordström wrote: > ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath: > > > Lots of people use and share keys across different projects. > > There is no security issue in sharing keys across different projects, > other than that it gives a strong hint that you are th

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Horst H. von Brand
Digimer wrote: [...] > The idea of maintaining a second set of keys for Fedora (and again for > any other projects that follow suit) is, I'd argue, unreasonably burdensome. Oh, come on. It was less than 5 minutes (and I learnt a bit while at it too). From now on, it will be handled automagical

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Paul Wouters
On Wed, 12 Oct 2011, Adam Williamson wrote: > Reading between the lines of recent attacks, it seems likely that > private keys compromised in some of the attacks were used to perform > others. (No-one's come out and officially said this yet but it seems > pretty obvious from the subtext of some of

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 21:45 +0200, Tomas Mraz wrote: > That's a nonsense. Simply said. If I have a properly generated random > ssh private key with a strong passphrase that I never put outside of my > workstations and safe backup media then there is no other way it can be > compromised than to com

Re: VerifyHostKeyDNS, was Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Tomas Mraz
On Wed, 2011-10-12 at 15:43 -0400, Paul Wouters wrote: > On Wed, 12 Oct 2011, Kevin Fenzi wrote: > > > * DO verify ssh host keys via dnssec protected dns. ( .ssh/config: > > "VerifyHostKeyDNS yes") > > https://bugzilla.redhat.com/show_bug.cgi?id=180277 > https://bugzilla.redhat.com/show_bug.cgi

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Kevin Fenzi
On Wed, 12 Oct 2011 20:19:27 +0200 Henrik Nordström wrote: > The password change is understandable, but why force an SSH key change > with such short notice? Short? 1.5 months? How long would you like? > And what if the SSH key is a hard token (smartcard) which can not be > copied or triviall

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 21:38 +0200, Henrik Nordström wrote: > ons 2011-10-12 klockan 12:20 -0700 skrev Adam Williamson: > > > Sure there is. There's the exact same problem as using the same password > > across multiple projects: if someone compromises the key they have > > compromised all of those

Re: VerifyHostKeyDNS, was Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Kevin Fenzi
On Wed, 12 Oct 2011 15:43:42 -0400 (EDT) Paul Wouters wrote: > On Wed, 12 Oct 2011, Kevin Fenzi wrote: > > > * DO verify ssh host keys via dnssec protected dns. ( .ssh/config: > > "VerifyHostKeyDNS yes") > > https://bugzilla.redhat.com/show_bug.cgi?id=180277 > https://bugzilla.redhat.com/show_

Re: Upstream Release Monitor

2011-10-12 Thread Thomas Moschny
2011/10/12 Till Maas : > On Wed, Oct 12, 2011 at 03:06:46PM +1000, Peter Hutterer wrote: >> out of interest - are there any plans to auto-close bugs once the new >> version hits rawhide? > > No, this is not planned. But you do not need to close bugs, because old > bugs are re-used unless they chang

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Tomas Mraz
On Wed, 2011-10-12 at 12:20 -0700, Adam Williamson wrote: > On Wed, 2011-10-12 at 21:07 +0200, Henrik Nordström wrote: > > ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath: > > > > > Lots of people use and share keys across different projects. > > > > There is no security issue in sharing k

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Kevin Fenzi
On Wed, 12 Oct 2011 13:53:34 -0400 Digimer wrote: > On 10/12/2011 12:44 PM, Kevin Fenzi wrote: > > Subject: IMPORTANT: Mandatory password and ssh key change by > > 2011-11-30 > > > > Summary: > > > > All existing users of the Fedora Account System (FAS) at > > https://admin.fedoraproject.org/acco

[perl-Text-Aspell] revived

2011-10-12 Thread Tom Callaway
commit 37744ce9174431a3cb966c80dec130854d52f761 Author: Tom "spot" Callaway Date: Wed Oct 12 15:43:58 2011 -0400 revived perl-Text-Aspell.spec | 88 + sources |1 + 2 files changed, 89 insertions(+), 0 deletions(-) --- di

VerifyHostKeyDNS, was Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Paul Wouters
On Wed, 12 Oct 2011, Kevin Fenzi wrote: > * DO verify ssh host keys via dnssec protected dns. ( .ssh/config: > "VerifyHostKeyDNS yes") https://bugzilla.redhat.com/show_bug.cgi?id=180277 https://bugzilla.redhat.com/show_bug.cgi?id=730558 You can't tell us to use this while at the same time refus

[perl-Text-Aspell/f16] revived

2011-10-12 Thread Tom Callaway
commit 3199bda7406c3c8a4c2bbeca244a5dfcb6f6adf7 Author: Tom "spot" Callaway Date: Wed Oct 12 15:43:47 2011 -0400 revived perl-Text-Aspell.spec | 88 + sources |1 + 2 files changed, 89 insertions(+), 0 deletions(-) --- di

Re: Firefox on Fedora: No longer funny

2011-10-12 Thread Thomas Spura
On Wed, 12 Oct 2011 20:58:15 +0200 Henrik Nordström wrote: > mån 2011-10-10 klockan 20:44 +0200 skrev Thomas Spura: > > > Forcing only critpath packages being in updates-testing and the rest > > being allowed to push to stable directly would help to fix issues > > much faster. > > You could set

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Horst H. von Brand
Jon Ciesla wrote: [...] > It's really not a huge hassle. I've already done it. I configured the > .ssh/config files where I needed to, and it doesn't conflict with any > other keys I have. I don't get what the big deal is. The disruption is, > like, five minutes of work. The potential benef

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Henrik Nordström
ons 2011-10-12 klockan 12:20 -0700 skrev Adam Williamson: > Sure there is. There's the exact same problem as using the same password > across multiple projects: if someone compromises the key they have > compromised all of those projects. If you use a different key for each > project, an attacker

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Henrik Nordström
ons 2011-10-12 klockan 19:22 +0100 skrev Peter Robinson: > If you're using a hard token you should be using a subkeys I believe and > not the root key, not sure if that's gpg or ssh or both. subkeys is not relevant to the SSH world. That's an OpenPGP thing where the main key should only be used for

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Jon Ciesla
> ons 2011-10-12 klockan 13:25 -0500 skrev Jon Ciesla: > >> Plus, you could have multiple >> keys, all with the same passphrase, for different things, should you so >> desire. > > That's effectively one shared key for all. If one of them is > compromised then most likely all of them are, as the

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Henrik Nordström
ons 2011-10-12 klockan 13:25 -0500 skrev Jon Ciesla: > Plus, you could have multiple > keys, all with the same passphrase, for different things, should you so > desire. That's effectively one shared key for all. If one of them is compromised then most likely all of them are, as the attacker cle

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 21:07 +0200, Henrik Nordström wrote: > ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath: > > > Lots of people use and share keys across different projects. > > There is no security issue in sharing keys across different projects, Sure there is. There's the exact same pr

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Henrik Nordström
ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath: > Lots of people use and share keys across different projects. There is no security issue in sharing keys across different projects, other than that it gives a strong hint that you are the same person in both projects, much stronger than name

Re: Upstream Release Monitor

2011-10-12 Thread Till Maas
On Wed, Oct 12, 2011 at 03:06:46PM +1000, Peter Hutterer wrote: > out of interest - are there any plans to auto-close bugs once the new > version hits rawhide? No, this is not planned. But you do not need to close bugs, because old bugs are re-used unless they changed status. Regards Till

Re: Firefox on Fedora: No longer funny

2011-10-12 Thread Henrik Nordström
mån 2011-10-10 klockan 20:44 +0200 skrev Thomas Spura: > Forcing only critpath packages being in updates-testing and the rest > being allowed to push to stable directly would help to fix issues much > faster. You could set stable karma threshold to 1. It's then sufficient one tester gives positiv

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Jon Ciesla
> On Wed, 2011-10-12 at 13:25 -0500, Jon Ciesla wrote: >> > On Wed, 2011-10-12 at 13:06 -0500, Jon Ciesla wrote: >> >> > On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote: >> >> >> On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: >> >> >> > On 12 October 2011 17:44, Kevin Fenzi wro

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Tomas Mraz
On Wed, 2011-10-12 at 14:16 -0400, Simo Sorce wrote: > On Wed, 2011-10-12 at 13:04 -0500, Mike McGrath wrote: > > On Wed, 12 Oct 2011, Simo Sorce wrote: > > > > > On Wed, 2011-10-12 at 11:41 -0600, Kevin Fenzi wrote: > > > > On Wed, 12 Oct 2011 13:30:19 -0400 > > > > Jeff Layton wrote: > > > > >

Re: Firefox on Fedora: No longer funny

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 20:38 +0200, Henrik Nordström wrote: > tis 2011-10-11 klockan 10:49 -0700 skrev Adam Williamson: > > > There obviously is a _legitimate_ question as to whether you ought to be > > able to add your package into anyone else's update if you aren't a > > provenpackager; it's not

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Simo Sorce
On Wed, 2011-10-12 at 13:25 -0500, Jon Ciesla wrote: > > On Wed, 2011-10-12 at 13:06 -0500, Jon Ciesla wrote: > >> > On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote: > >> >> On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: > >> >> > On 12 October 2011 17:44, Kevin Fenzi wrote: > >

Re: [Test-Announce] Proventesters meetup 2011-10-12 at 18UTC

2011-10-12 Thread Kevin Fenzi
On Wed, 12 Oct 2011 13:36:13 -0400 "Clyde E. Kunkel" wrote: > I cannot attend this meeting but would like to request that > consideration be given to changing the "Fedora NN updates-testing > report" to list the actual package/software requiring security or > critical path testing. I used to

Re: Firefox on Fedora: No longer funny

2011-10-12 Thread Henrik Nordström
tis 2011-10-11 klockan 10:49 -0700 skrev Adam Williamson: > There obviously is a _legitimate_ question as to whether you ought to be > able to add your package into anyone else's update if you aren't a > provenpackager; it's not necessarily something we'd want to do. But I > think provenpackagers

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Przemek Klosowski
On 10/12/2011 01:41 PM, Richard Hughes wrote: > On 12 October 2011 17:44, Kevin Fenzi wrote: >> * Nine or more characters with lower and upper case letters, digits and >> punctuation marks. >> * Ten or more characters with lower and upper case letters and digits. >> * Twelve or more characters w

Re: TFTP not working on F15 as well as updated F14

2011-10-12 Thread Tom Callaway
Okay. Your configurations are the default configs (with the notable exception of enabling the xinetd.d/tftp service). On my x86_64 laptop running Fedora 16, with iptables reasonably normal, I installed "tftp" and "tftp-server", and changed "disable = yes" to "disable = no" in /etc/xinetd.d/tftp. T

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 14:16 -0400, Simo Sorce wrote: > Storing a public key is not an issue, so the fact I use my key with > different projects has absolutely no bearing on my exposure, zero, > zilch. Unless I store my *private* keys on non-personal machines. I rather suspect this is exactly what

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread drago01
On Wed, Oct 12, 2011 at 8:24 PM, Adam Williamson wrote: > On Wed, 2011-10-12 at 20:01 +0200, drago01 wrote: >> On Wed, Oct 12, 2011 at 7:53 PM, Adam Williamson wrote: >> > On Wed, 2011-10-12 at 13:45 -0400, Simo Sorce wrote: >> > >> >> I have no problem with changing the password, but leave my ss

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Jon Ciesla
> On Wed, 2011-10-12 at 13:06 -0500, Jon Ciesla wrote: >> > On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote: >> >> On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: >> >> > On 12 October 2011 17:44, Kevin Fenzi wrote: >> >> > > All existing users of the Fedora Account System (FAS)

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 20:01 +0200, drago01 wrote: > On Wed, Oct 12, 2011 at 7:53 PM, Adam Williamson wrote: > > On Wed, 2011-10-12 at 13:45 -0400, Simo Sorce wrote: > > > >> I have no problem with changing the password, but leave my ssh keys > >> alone, unless there is a real reason to ask people

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Peter Robinson
2011/10/12 Henrik Nordström : > The password change is understandable, but why force an SSH key change > with such short notice? > > And what if the SSH key is a hard token (smartcard) which can not be > copied or trivially changed? Switching to a soft key would be mostly > counter-productive from

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Simo Sorce
On Wed, 2011-10-12 at 13:06 -0500, Jon Ciesla wrote: > > On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote: > >> On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: > >> > On 12 October 2011 17:44, Kevin Fenzi wrote: > >> > > All existing users of the Fedora Account System (FAS) at > >

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Henrik Nordström
The password change is understandable, but why force an SSH key change with such short notice? And what if the SSH key is a hard token (smartcard) which can not be copied or trivially changed? Switching to a soft key would be mostly counter-productive from a security point of view. Now I were not

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Simo Sorce
On Wed, 2011-10-12 at 13:04 -0500, Mike McGrath wrote: > On Wed, 12 Oct 2011, Simo Sorce wrote: > > > On Wed, 2011-10-12 at 11:41 -0600, Kevin Fenzi wrote: > > > On Wed, 12 Oct 2011 13:30:19 -0400 > > > Jeff Layton wrote: > > > > > > > I have a question not covered here: I just changed my ssh key

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Digimer
On 10/12/2011 02:10 PM, Peter Robinson wrote: > On Wed, Oct 12, 2011 at 6:51 PM, Adam Williamson wrote: >> On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: >>> On 12 October 2011 17:44, Kevin Fenzi wrote: All existing users of the Fedora Account System (FAS) at https://admin.fed

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Peter Robinson
On Wed, Oct 12, 2011 at 7:01 PM, drago01 wrote: > On Wed, Oct 12, 2011 at 7:53 PM, Adam Williamson wrote: >> On Wed, 2011-10-12 at 13:45 -0400, Simo Sorce wrote: >> >>> I have no problem with changing the password, but leave my ssh keys >>> alone, unless there is a real reason to ask people to ch

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Simo Sorce
On Wed, 2011-10-12 at 10:53 -0700, Adam Williamson wrote: > On Wed, 2011-10-12 at 13:45 -0400, Simo Sorce wrote: > > > I have no problem with changing the password, but leave my ssh keys > > alone, unless there is a real reason to ask people to change them. > > Reading between the lines of recent

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Peter Robinson
On Wed, Oct 12, 2011 at 6:51 PM, Adam Williamson wrote: > On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: >> On 12 October 2011 17:44, Kevin Fenzi wrote: >> > All existing users of the Fedora Account System (FAS) at >> > https://admin.fedoraproject.org/accounts are required to change the

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Jon Ciesla
> On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote: >> On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: >> > On 12 October 2011 17:44, Kevin Fenzi wrote: >> > > All existing users of the Fedora Account System (FAS) at >> > > https://admin.fedoraproject.org/accounts are required to

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread seth vidal
On Wed, 2011-10-12 at 10:58 -0700, Adam Williamson wrote: > On Wed, 2011-10-12 at 13:53 -0400, seth vidal wrote: > > On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote: > > > On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: > > > > On 12 October 2011 17:44, Kevin Fenzi wrote: > > > >

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Mike McGrath
On Wed, 12 Oct 2011, Simo Sorce wrote: > On Wed, 2011-10-12 at 11:41 -0600, Kevin Fenzi wrote: > > On Wed, 12 Oct 2011 13:30:19 -0400 > > Jeff Layton wrote: > > > > > I have a question not covered here: I just changed my ssh key a week > > > or two ago in the wake of the kernel.org compromise...

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread drago01
On Wed, Oct 12, 2011 at 7:53 PM, Adam Williamson wrote: > On Wed, 2011-10-12 at 13:45 -0400, Simo Sorce wrote: > >> I have no problem with changing the password, but leave my ssh keys >> alone, unless there is a real reason to ask people to change them. > > Reading between the lines of recent atta

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 13:53 -0400, seth vidal wrote: > On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote: > > On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: > > > On 12 October 2011 17:44, Kevin Fenzi wrote: > > > > All existing users of the Fedora Account System (FAS) at > > > >

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 13:45 -0400, Simo Sorce wrote: > I have no problem with changing the password, but leave my ssh keys > alone, unless there is a real reason to ask people to change them. Reading between the lines of recent attacks, it seems likely that private keys compromised in some of the

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread seth vidal
On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote: > On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: > > On 12 October 2011 17:44, Kevin Fenzi wrote: > > > All existing users of the Fedora Account System (FAS) at > > > https://admin.fedoraproject.org/accounts are required to change

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Digimer
On 10/12/2011 12:44 PM, Kevin Fenzi wrote: > Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30 > > Summary: > > All existing users of the Fedora Account System (FAS) at > https://admin.fedoraproject.org/accounts are required to change their > password and upload a NEW ssh publ

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Adam Williamson
On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote: > On 12 October 2011 17:44, Kevin Fenzi wrote: > > All existing users of the Fedora Account System (FAS) at > > https://admin.fedoraproject.org/accounts are required to change their > > password and upload a NEW ssh public key before 2011-11

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Simo Sorce
On Wed, 2011-10-12 at 11:41 -0600, Kevin Fenzi wrote: > On Wed, 12 Oct 2011 13:30:19 -0400 > Jeff Layton wrote: > > > I have a question not covered here: I just changed my ssh key a week > > or two ago in the wake of the kernel.org compromise... > > > > Is my new key sufficient? I really don't w

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Richard Hughes
On 12 October 2011 17:44, Kevin Fenzi wrote: > All existing users of the Fedora Account System (FAS) at > https://admin.fedoraproject.org/accounts are required to change their > password and upload a NEW ssh public key before 2011-11-30. I have to upload a *new* public key? Why should I have two

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

2011-10-12 Thread Kevin Fenzi
On Wed, 12 Oct 2011 13:30:19 -0400 Jeff Layton wrote: > I have a question not covered here: I just changed my ssh key a week > or two ago in the wake of the kernel.org compromise... > > Is my new key sufficient? I really don't want to have to re-distribute > my key to all of the various servers
