On Mon, Dec 25, 2000 at 11:46:16AM -0800, David O'Brien wrote:
> On Fri, Dec 22, 2000 at 11:28:07PM -0800, Kris Kennaway wrote:
> > Incorrect..the problems with SSH come down to flaws in the human
> > operator who ignore the warnings SSH gives them, and tell it
> > explicitly to do insecure things like connect to a server which is
> > suddenly not the one you're used to connecting to.
>
> And we, the FreeBSD Project, don't do a thing to help this situation.
> We change the SSH keys on the freebsd.org machines left and right w/o
> *ANY* notice to committers that they have been changed. So we've trained
> our own committers to have sloppy habits that could lead a malicious code
> added to the FreeBSD CVS source repository.
Umm, are you actually talking about real incidents here, or just
spreading FUD? The last two times a freebsd.org host key has been
changed, that I am aware of, a signed message has been sent about it
confirming the new key.
Kris
PGP signature
