On Tue, Oct 11, 2011 at 11:11:39PM -0400, Paul Wouters wrote:
On Tue, 11 Oct 2011, Nathanael D. Noblet wrote:
As far as I know if you burn the key you will lose the ability to use
the yubikey's servers and I'm guessing coincidentally the lastpass as
well. I have seen that you are allowed
Hey Adam,
On Wed, Oct 12, 2011 at 2:17 AM, Adam Williamson awill...@redhat.com wrote:
Hey, folks. There's a grub update in updates-testing atm (being pushed
stable soon) which splits the EFI stuff off into a new grub-efi
subpackage. If you have an EFI install of F16 you will need to have
On 10/12/2011 12:02 AM, Toshio Kuratomi wrote:
I currently have my yubikey set up to do this (slot 1 is Fedora, slot 2 is
for yubikey servers).
Hmm that's great. For some reason I thought the slots still used the
same keys...
--
Nathanael d. Noblet
t 403.875.4613
--
devel mailing list
On 10/12/2011 04:17 AM, Adam Williamson wrote:
Hey, folks. There's a grub update in updates-testing atm (being pushed
stable soon) which splits the EFI stuff off into a new grub-efi
subpackage. If you have an EFI install of F16 you will need to have
grub-efi installed or else your system won't
On Mon, Oct 10, 2011 at 12:09:51PM -0600, Tim Flink wrote:
Since the beta criterion for running Fedora as a Xen guest (DomU) was
removed for Fedora 16, there has been some discussion [1] [2] on test@
about whether or not we should add it back for Fedora 16 final. The old
criterion read:
On 12 October 2011 04:22, Nick Jones nick.jo...@network-box.com wrote:
On Tue, 2011-10-11 at 21:22 +0100, Aaron Gray wrote:
On 11 October 2011 18:49, Tom Callaway tcall...@redhat.com wrote:
On 10/11/2011 01:46 PM, Aaron Gray wrote:
I have two F15 machines one a desktop
On Mon, Sep 19, 2011 at 4:01 PM, Fulko Hew fulko@gmail.com wrote:
On Mon, Sep 19, 2011 at 3:32 PM, Eric Paris epa...@redhat.com wrote:
On Mon, 2011-09-19 at 14:49 -0400, Fulko Hew wrote:
If so... why use chcon versus the semanage/restorecon technique?
or if my assesement is wrong... can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/12/2011 09:00 AM, Fulko Hew wrote:
On Mon, Sep 19, 2011 at 4:01 PM, Fulko Hew fulko@gmail.com
mailto:fulko@gmail.com wrote:
On Mon, Sep 19, 2011 at 3:32 PM, Eric Paris epa...@redhat.com
mailto:epa...@redhat.com wrote:
On Mon,
On Fri, 2011-10-07 at 10:03 -0500, Richard Shaw wrote:
Should we request a separate mailing list? I don't expect it to be
high volume obviously but it could make communication easier since
people live across multiple time zones. Also, it would make subjects
easier since right now on the
On Wed, Oct 12, 2011 at 8:26 AM, Pierre-Yves Chibon pin...@pingoured.fr wrote:
On Fri, 2011-10-07 at 10:03 -0500, Richard Shaw wrote:
Should we request a separate mailing list? I don't expect it to be
high volume obviously but it could make communication easier since
people live across
perl-Pugs-Compiler-Rule has broken dependencies in the rawhide tree:
On x86_64:
perl-Pugs-Compiler-Rule-0.37-9.fc16.noarch requires
perl(:MODULE_COMPAT_5.12.3)
On i386:
perl-Pugs-Compiler-Rule-0.37-9.fc16.noarch requires
perl(:MODULE_COMPAT_5.12.3)
Please resolve this as soon
perl-Bio-Graphics has broken dependencies in the rawhide tree:
On x86_64:
perl-Bio-Graphics-2.25-1.fc17.noarch requires perl(Bio::DB::BigWig)
On i386:
perl-Bio-Graphics-2.25-1.fc17.noarch requires perl(Bio::DB::BigWig)
Please resolve this as soon as possible.
--
Fedora Extras
Compose started at Wed Oct 12 08:16:19 UTC 2011
Broken deps for x86_64
--
389-admin-1.1.23-1.fc17.i686 requires libicuuc.so.46
389-admin-1.1.23-1.fc17.i686 requires libicui18n.so.46
389-admin-1.1.23-1.fc17.i686
On 11 October 2011 18:49, Tom Callaway tcall...@redhat.com wrote:
On 10/11/2011 01:46 PM, Aaron Gray wrote:
I have two F15 machines one a desktop which is running the new Gnome 3
desktop and a laptop not running the new desktop.
TFTP is not working on the desktop machine on F15 as it was
On 12 October 2011 14:57, Aaron Gray aaronngray.li...@gmail.com wrote:
On 11 October 2011 18:49, Tom Callaway tcall...@redhat.com wrote:
On 10/11/2011 01:46 PM, Aaron Gray wrote:
I have two F15 machines one a desktop which is running the new Gnome 3
desktop and a laptop not running the new
On Wed, Oct 12, 2011 at 7:41 AM, Rawhide Report
rawh...@fedoraproject.org wrote:
Compose started at Wed Oct 12 08:16:19 UTC 2011
Broken deps for x86_64
--
[snip]
acheck-0.5.1-5.fc17.noarch requires perl(Text::Aspell)
[snip]
On Wed, 2011-10-12 at 12:29 +0300, Kalev Lember wrote:
On 10/12/2011 04:17 AM, Adam Williamson wrote:
Hey, folks. There's a grub update in updates-testing atm (being pushed
stable soon) which splits the EFI stuff off into a new grub-efi
subpackage. If you have an EFI install of F16 you will
On Mon, 2011-10-03 at 22:12 +0200, Pierre-Yves Chibon wrote:
On Thu, 2011-09-15 at 13:24 +0200, Pierre-Yves Chibon wrote:
I just sent an email directly to his archlinux.us email address asking
if he wishes to resign from his maintainer duties or if he is just
busy.
Let's see if he
On Wed, Oct 12, 2011 at 4:26 PM, Adam Williamson awill...@redhat.com wrote:
On Wed, 2011-10-12 at 12:29 +0300, Kalev Lember wrote:
On 10/12/2011 04:17 AM, Adam Williamson wrote:
Hey, folks. There's a grub update in updates-testing atm (being pushed
stable soon) which splits the EFI stuff off
This release we seem to have gotten quite a few timely bugs, some of
them quite subtle. I thank all of you who took the time to pore over
the beta notes and submit bugs. Many of these subtleties the Docs
writers really can't pick up on, and your effort makes the release notes
that much better.
On 10/12/2011 11:20 AM, Jerry James wrote:
On Wed, Oct 12, 2011 at 7:41 AM, Rawhide Report
rawh...@fedoraproject.org wrote:
Compose started at Wed Oct 12 08:16:19 UTC 2011
Broken deps for x86_64
--
[snip]
On 10/12/2011 06:26 PM, Adam Williamson wrote:
On Wed, 2011-10-12 at 12:29 +0300, Kalev Lember wrote:
I can think of two ways to convince yum to always install grub-efi on
upgrades:
a) have grub2 require grub-efi; or
b) have grub-efi obsolete grub.
Both of the cases are also described on
On Wed, 2011-10-12 at 16:30 +0100, Peter Robinson wrote:
I think b) sounds closer to our goal here, if it does actually work that
way (I thought yum would just pick one of the obsoleting packages).
Peter?
It will only pick up the replacement package if the package has a
provides line as
On 10/12/2011 11:26 AM, Adam Williamson wrote:
On Wed, 2011-10-12 at 12:29 +0300, Kalev Lember wrote:
On 10/12/2011 04:17 AM, Adam Williamson wrote:
Hey, folks. There's a grub update in updates-testing atm (being pushed
stable soon) which splits the EFI stuff off into a new grub-efi
Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30
Summary:
All existing users of the Fedora Account System (FAS) at
https://admin.fedoraproject.org/accounts are required to change their
password and upload a NEW ssh public key before 2011-11-30.
Failure to do so may
On 10/11/2011 04:05 PM, Kevin Fenzi wrote:
We are going to be having another proventesters meetup tomorrow on IRC
in #fedora-meeting at 18:00UTC.
Purpose of meetup: Brainstorm ideas on improving testing and processes
for testing updates.
* Intro/gather more agenda items
* Recruiting more
On 12 October 2011 20:50, Jerry James wrote:
On Wed, Oct 12, 2011 at 7:41 AM, Rawhide Report
[..]
I don't see anything since early April, which is consistent with the
lack of response to my late April notification of perl-Text-Aspell's
imminent demise. Rakesh's last post to this mailing list
On Wed, 12 Oct 2011 13:30:19 -0400
Jeff Layton jlay...@redhat.com wrote:
I have a question not covered here: I just changed my ssh key a week
or two ago in the wake of the kernel.org compromise...
Is my new key sufficient? I really don't want to have to re-distribute
my key to all of the
On 12 October 2011 17:44, Kevin Fenzi ke...@scrye.com wrote:
All existing users of the Fedora Account System (FAS) at
https://admin.fedoraproject.org/accounts are required to change their
password and upload a NEW ssh public key before 2011-11-30.
I have to upload a *new* public key? Why
On Wed, 2011-10-12 at 11:41 -0600, Kevin Fenzi wrote:
On Wed, 12 Oct 2011 13:30:19 -0400
Jeff Layton jlay...@redhat.com wrote:
I have a question not covered here: I just changed my ssh key a week
or two ago in the wake of the kernel.org compromise...
Is my new key sufficient? I really
On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote:
On 12 October 2011 17:44, Kevin Fenzi ke...@scrye.com wrote:
All existing users of the Fedora Account System (FAS) at
https://admin.fedoraproject.org/accounts are required to change their
password and upload a NEW ssh public key
On 10/12/2011 12:44 PM, Kevin Fenzi wrote:
Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30
Summary:
All existing users of the Fedora Account System (FAS) at
https://admin.fedoraproject.org/accounts are required to change their
password and upload a NEW ssh public key
On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote:
On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote:
On 12 October 2011 17:44, Kevin Fenzi ke...@scrye.com wrote:
All existing users of the Fedora Account System (FAS) at
https://admin.fedoraproject.org/accounts are required to
On Wed, 2011-10-12 at 13:45 -0400, Simo Sorce wrote:
I have no problem with changing the password, but leave my ssh keys
alone, unless there is a real reason to ask people to change them.
Reading between the lines of recent attacks, it seems likely that
private keys compromised in some of the
On Wed, 2011-10-12 at 13:53 -0400, seth vidal wrote:
On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote:
On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote:
On 12 October 2011 17:44, Kevin Fenzi ke...@scrye.com wrote:
All existing users of the Fedora Account System (FAS) at
On Wed, Oct 12, 2011 at 7:53 PM, Adam Williamson awill...@redhat.com wrote:
On Wed, 2011-10-12 at 13:45 -0400, Simo Sorce wrote:
I have no problem with changing the password, but leave my ssh keys
alone, unless there is a real reason to ask people to change them.
Reading between the lines of
On Wed, 12 Oct 2011, Simo Sorce wrote:
On Wed, 2011-10-12 at 11:41 -0600, Kevin Fenzi wrote:
On Wed, 12 Oct 2011 13:30:19 -0400
Jeff Layton jlay...@redhat.com wrote:
I have a question not covered here: I just changed my ssh key a week
or two ago in the wake of the kernel.org
On Wed, 2011-10-12 at 10:58 -0700, Adam Williamson wrote:
On Wed, 2011-10-12 at 13:53 -0400, seth vidal wrote:
On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote:
On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote:
On 12 October 2011 17:44, Kevin Fenzi ke...@scrye.com wrote:
On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote:
On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote:
On 12 October 2011 17:44, Kevin Fenzi ke...@scrye.com wrote:
All existing users of the Fedora Account System (FAS) at
https://admin.fedoraproject.org/accounts are required
On Wed, Oct 12, 2011 at 6:51 PM, Adam Williamson awill...@redhat.com wrote:
On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote:
On 12 October 2011 17:44, Kevin Fenzi ke...@scrye.com wrote:
All existing users of the Fedora Account System (FAS) at
https://admin.fedoraproject.org/accounts
On Wed, 2011-10-12 at 10:53 -0700, Adam Williamson wrote:
On Wed, 2011-10-12 at 13:45 -0400, Simo Sorce wrote:
I have no problem with changing the password, but leave my ssh keys
alone, unless there is a real reason to ask people to change them.
Reading between the lines of recent
On Wed, Oct 12, 2011 at 7:01 PM, drago01 drag...@gmail.com wrote:
On Wed, Oct 12, 2011 at 7:53 PM, Adam Williamson awill...@redhat.com wrote:
On Wed, 2011-10-12 at 13:45 -0400, Simo Sorce wrote:
I have no problem with changing the password, but leave my ssh keys
alone, unless there is a real
On 10/12/2011 02:10 PM, Peter Robinson wrote:
On Wed, Oct 12, 2011 at 6:51 PM, Adam Williamsonawill...@redhat.com wrote:
On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote:
On 12 October 2011 17:44, Kevin Fenzike...@scrye.com wrote:
All existing users of the Fedora Account System (FAS)
On Wed, 2011-10-12 at 13:04 -0500, Mike McGrath wrote:
On Wed, 12 Oct 2011, Simo Sorce wrote:
On Wed, 2011-10-12 at 11:41 -0600, Kevin Fenzi wrote:
On Wed, 12 Oct 2011 13:30:19 -0400
Jeff Layton jlay...@redhat.com wrote:
I have a question not covered here: I just changed my ssh
The password change is understandable, but why force an SSH key change
with such short notice?
And what if the SSH key is a hard token (smartcard) which can not be
copied or trivially changed? Switching to a soft key would be mostly
counter-productive from a security point of view. Now I were not
On Wed, 2011-10-12 at 13:06 -0500, Jon Ciesla wrote:
On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote:
On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote:
On 12 October 2011 17:44, Kevin Fenzi ke...@scrye.com wrote:
All existing users of the Fedora Account System (FAS) at
2011/10/12 Henrik Nordström hen...@henriknordstrom.net:
The password change is understandable, but why force an SSH key change
with such short notice?
And what if the SSH key is a hard token (smartcard) which can not be
copied or trivially changed? Switching to a soft key would be mostly
On Wed, 2011-10-12 at 20:01 +0200, drago01 wrote:
On Wed, Oct 12, 2011 at 7:53 PM, Adam Williamson awill...@redhat.com wrote:
On Wed, 2011-10-12 at 13:45 -0400, Simo Sorce wrote:
I have no problem with changing the password, but leave my ssh keys
alone, unless there is a real reason to
On Wed, 2011-10-12 at 13:06 -0500, Jon Ciesla wrote:
On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote:
On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote:
On 12 October 2011 17:44, Kevin Fenzi ke...@scrye.com wrote:
All existing users of the Fedora Account System (FAS) at
On Wed, Oct 12, 2011 at 8:24 PM, Adam Williamson awill...@redhat.com wrote:
On Wed, 2011-10-12 at 20:01 +0200, drago01 wrote:
On Wed, Oct 12, 2011 at 7:53 PM, Adam Williamson awill...@redhat.com wrote:
On Wed, 2011-10-12 at 13:45 -0400, Simo Sorce wrote:
I have no problem with changing the
On Wed, 2011-10-12 at 14:16 -0400, Simo Sorce wrote:
Storing a public key is not an issue, so the fact I use my key with
different projects has absolutely no bearing on my exposure, zero,
zilch. Unless I store my *private* keys on non-personal machines.
I rather suspect this is exactly what
Okay. Your configurations are the default configs (with the notable
exception of enabling the xinetd.d/tftp service).
On my x86_64 laptop running Fedora 16, with iptables reasonably normal,
I installed tftp and tftp-server, and changed disable = yes to
disable = no in /etc/xinetd.d/tftp. Then, I
On 10/12/2011 01:41 PM, Richard Hughes wrote:
On 12 October 2011 17:44, Kevin Fenzike...@scrye.com wrote:
* Nine or more characters with lower and upper case letters, digits and
punctuation marks.
* Ten or more characters with lower and upper case letters and digits.
* Twelve or more
tis 2011-10-11 klockan 10:49 -0700 skrev Adam Williamson:
There obviously is a _legitimate_ question as to whether you ought to be
able to add your package into anyone else's update if you aren't a
provenpackager; it's not necessarily something we'd want to do. But I
think provenpackagers
On Wed, 12 Oct 2011 13:36:13 -0400
Clyde E. Kunkel clydekunkel7...@cox.net wrote:
I cannot attend this meeting but would like to request that
consideration be given to changing the Fedora NN updates-testing
report to list the actual package/software requiring security or
critical path
On Wed, 2011-10-12 at 13:25 -0500, Jon Ciesla wrote:
On Wed, 2011-10-12 at 13:06 -0500, Jon Ciesla wrote:
On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote:
On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote:
On 12 October 2011 17:44, Kevin Fenzi ke...@scrye.com wrote:
On Wed, 2011-10-12 at 20:38 +0200, Henrik Nordström wrote:
tis 2011-10-11 klockan 10:49 -0700 skrev Adam Williamson:
There obviously is a _legitimate_ question as to whether you ought to be
able to add your package into anyone else's update if you aren't a
provenpackager; it's not
On Wed, 2011-10-12 at 14:16 -0400, Simo Sorce wrote:
On Wed, 2011-10-12 at 13:04 -0500, Mike McGrath wrote:
On Wed, 12 Oct 2011, Simo Sorce wrote:
On Wed, 2011-10-12 at 11:41 -0600, Kevin Fenzi wrote:
On Wed, 12 Oct 2011 13:30:19 -0400
Jeff Layton jlay...@redhat.com wrote:
On Wed, 2011-10-12 at 13:25 -0500, Jon Ciesla wrote:
On Wed, 2011-10-12 at 13:06 -0500, Jon Ciesla wrote:
On Wed, 2011-10-12 at 10:51 -0700, Adam Williamson wrote:
On Wed, 2011-10-12 at 18:41 +0100, Richard Hughes wrote:
On 12 October 2011 17:44, Kevin Fenzi ke...@scrye.com wrote:
mån 2011-10-10 klockan 20:44 +0200 skrev Thomas Spura:
Forcing only critpath packages being in updates-testing and the rest
being allowed to push to stable directly would help to fix issues much
faster.
You could set stable karma threshold to 1. It's then sufficient one
tester gives positive
On Wed, Oct 12, 2011 at 03:06:46PM +1000, Peter Hutterer wrote:
out of interest - are there any plans to auto-close bugs once the new
version hits rawhide?
No, this is not planned. But you do not need to close bugs, because old
bugs are re-used unless they changed status.
Regards
Till
--
ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath:
Lots of people use and share keys across different projects.
There is no security issue in sharing kes across different projects,
other than that it gives a strong hint that you are the same person in
both projects, much stronger than name
On Wed, 2011-10-12 at 21:07 +0200, Henrik Nordström wrote:
ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath:
Lots of people use and share keys across different projects.
There is no security issue in sharing kes across different projects,
Sure there is. There's the exact same problem
ons 2011-10-12 klockan 13:25 -0500 skrev Jon Ciesla:
Plus, you could have multiple
keys, all with the same passphrase, for different things, should you so
desire.
That's effectively one shared key for all. If one of them are
compromized them most likely all of them are, as the attacker
ons 2011-10-12 klockan 13:25 -0500 skrev Jon Ciesla:
Plus, you could have multiple
keys, all with the same passphrase, for different things, should you so
desire.
That's effectively one shared key for all. If one of them are
compromized them most likely all of them are, as the attacker
ons 2011-10-12 klockan 19:22 +0100 skrev Peter Robinson:
If your using a hard token you should be using a subkeys I believe and
not the root key, not sure if that's gpg or ssh or both.
subkeys is not relevant to the SSH world. That's a OpenPGP thing where
the main key should only be used for
ons 2011-10-12 klockan 12:20 -0700 skrev Adam Williamson:
Sure there is. There's the exact same problem as using the same password
across multiple projects: if someone compromises the key they have
compromised all of those projects. If you use a different key for each
project, an attacker can
Jon Ciesla l...@jcomserv.net wrote:
[...]
It's really not a huge hassle. I've already done it. I configured the
.ssh/config files where I needed to, and it doesn't conflict with any
other keys I have. I don't get what the big deal is. The disruption is,
like, five minutes of work. The
On Wed, 12 Oct 2011 20:58:15 +0200
Henrik Nordström wrote:
mån 2011-10-10 klockan 20:44 +0200 skrev Thomas Spura:
Forcing only critpath packages being in updates-testing and the rest
being allowed to push to stable directly would help to fix issues
much faster.
You could set stable
commit 3199bda7406c3c8a4c2bbeca244a5dfcb6f6adf7
Author: Tom spot Callaway tcall...@redhat.com
Date: Wed Oct 12 15:43:47 2011 -0400
revived
perl-Text-Aspell.spec | 88 +
sources |1 +
2 files changed, 89 insertions(+), 0
On Wed, 12 Oct 2011, Kevin Fenzi wrote:
* DO verify ssh host keys via dnssec protected dns. ( .ssh/config:
VerifyHostKeyDNS yes)
https://bugzilla.redhat.com/show_bug.cgi?id=180277
https://bugzilla.redhat.com/show_bug.cgi?id=730558
You can't tell us to use this while at the same time refusing
commit 37744ce9174431a3cb966c80dec130854d52f761
Author: Tom spot Callaway tcall...@redhat.com
Date: Wed Oct 12 15:43:58 2011 -0400
revived
perl-Text-Aspell.spec | 88 +
sources |1 +
2 files changed, 89 insertions(+), 0
On Wed, 12 Oct 2011 13:53:34 -0400
Digimer li...@alteeve.com wrote:
On 10/12/2011 12:44 PM, Kevin Fenzi wrote:
Subject: IMPORTANT: Mandatory password and ssh key change by
2011-11-30
Summary:
All existing users of the Fedora Account System (FAS) at
On Wed, 2011-10-12 at 12:20 -0700, Adam Williamson wrote:
On Wed, 2011-10-12 at 21:07 +0200, Henrik Nordström wrote:
ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath:
Lots of people use and share keys across different projects.
There is no security issue in sharing kes across
2011/10/12 Till Maas opensou...@till.name:
On Wed, Oct 12, 2011 at 03:06:46PM +1000, Peter Hutterer wrote:
out of interest - are there any plans to auto-close bugs once the new
version hits rawhide?
No, this is not planned. But you do not need to close bugs, because old
bugs are re-used
On Wed, 12 Oct 2011 15:43:42 -0400 (EDT)
Paul Wouters p...@xelerance.com wrote:
On Wed, 12 Oct 2011, Kevin Fenzi wrote:
* DO verify ssh host keys via dnssec protected dns. ( .ssh/config:
VerifyHostKeyDNS yes)
https://bugzilla.redhat.com/show_bug.cgi?id=180277
On Wed, 2011-10-12 at 21:38 +0200, Henrik Nordström wrote:
ons 2011-10-12 klockan 12:20 -0700 skrev Adam Williamson:
Sure there is. There's the exact same problem as using the same password
across multiple projects: if someone compromises the key they have
compromised all of those
On Wed, 12 Oct 2011 20:19:27 +0200
Henrik Nordström hen...@henriknordstrom.net wrote:
The password change is understandable, but why force an SSH key change
with such short notice?
Short? 1.5 months?
How long would you like?
And what if the SSH key is a hard token (smartcard) which can not
On Wed, 2011-10-12 at 15:43 -0400, Paul Wouters wrote:
On Wed, 12 Oct 2011, Kevin Fenzi wrote:
* DO verify ssh host keys via dnssec protected dns. ( .ssh/config:
VerifyHostKeyDNS yes)
https://bugzilla.redhat.com/show_bug.cgi?id=180277
https://bugzilla.redhat.com/show_bug.cgi?id=730558
On Wed, 2011-10-12 at 21:45 +0200, Tomas Mraz wrote:
That's a nonsense. Simply said. If I have a properly generated random
ssh private key with a strong passphrase that I never put outside of my
workstations and safe backup media then there is no other way it can be
compromised than to
On Wed, 12 Oct 2011, Adam Williamson wrote:
Reading between the lines of recent attacks, it seems likely that
private keys compromised in some of the attacks were used to perform
others. (No-one's come out and officially said this yet but it seems
pretty obvious from the subtext of some of
Digimer li...@alteeve.com wrote:
[...]
The idea of maintaining a second set of keys for Fedora (and again for
any other projects that follow suit) is, I'd argue, unreasonably burdensome.
Oh, come on. It was less than 5 minutes (and I learnt a bit while at it
too). From now on, it will be
On Wed, 12 Oct 2011, Henrik Nordström wrote:
ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath:
Lots of people use and share keys across different projects.
There is no security issue in sharing kes across different projects,
other than that it gives a strong hint that you are the same
ons 2011-10-12 klockan 13:49 -0600 skrev Kevin Fenzi:
If you can't change your token, then I would posit you have a problem.
What if you KNEW your private key was compromised? Surely there is a
way to generate a new one...
I can change it, but it means changing it for all sytems I access
On Wed, 2011-10-12 at 14:59 -0500, Mike McGrath wrote:
On Wed, 12 Oct 2011, Henrik Nordström wrote:
ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath:
Lots of people use and share keys across different projects.
There is no security issue in sharing kes across different
ons 2011-10-12 klockan 13:49 -0600 skrev Kevin Fenzi:
If you can't change your token, then I would posit you have a problem.
What if you KNEW your private key was compromised? Surely there is a
way to generate a new one...
I can change it, but it means changing it for all sytems I access
On Wed, 12 Oct 2011 22:13:11 +0200
Tomas Mraz tm...@redhat.com wrote:
OK, but then you should not penalize also the people who keep their
SSH private keys only on safe private computers.
We're sorry if it's causing you inconvenience. We have no way at all to
tell apart the groups of people
On Wed, 2011-10-12 at 12:48 -0700, Adam Williamson wrote:
On Wed, 2011-10-12 at 21:38 +0200, Henrik Nordström wrote:
ons 2011-10-12 klockan 12:20 -0700 skrev Adam Williamson:
Sure there is. There's the exact same problem as using the same password
across multiple projects: if someone
On Wed, 2011-10-12 at 13:49 -0600, Kevin Fenzi wrote:
On Wed, 12 Oct 2011 20:19:27 +0200
Henrik Nordström hen...@henriknordstrom.net wrote:
The password change is understandable, but why force an SSH key change
with such short notice?
Short? 1.5 months?
How long would you like?
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=745337
Steven Pritchard st...@silug.org changed:
What|Removed |Added
On Wed, 2011-10-12 at 12:55 -0700, Adam Williamson wrote:
On Wed, 2011-10-12 at 21:45 +0200, Tomas Mraz wrote:
That's a nonsense. Simply said. If I have a properly generated random
ssh private key with a strong passphrase that I never put outside of my
workstations and safe backup media
On Wed, 2011-10-12 at 14:18 -0600, Kevin Fenzi wrote:
On Wed, 12 Oct 2011 22:13:11 +0200
Tomas Mraz tm...@redhat.com wrote:
OK, but then you should not penalize also the people who keep their
SSH private keys only on safe private computers.
We're sorry if it's causing you
On Wed, Oct 12, 2011 at 08:19:27PM +0200, Henrik Nordström wrote:
And why is so much of the Fedora inftrastructure relying on plain text
password exchanges (within SSL, but still plain text at the Fedora
servers) when there is both HTTP digest authentication (no plaintext
seen by Fedora
On Wed, 2011-10-12 at 15:22 -0500, Mike McGrath wrote:
On Wed, 12 Oct 2011, Tomas Mraz wrote:
On Wed, 2011-10-12 at 14:59 -0500, Mike McGrath wrote:
On Wed, 12 Oct 2011, Henrik Nordström wrote:
ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath:
Lots of people use and
On Wed, 2011-10-12 at 22:13 +0200, Tomas Mraz wrote:
You have to remember, lots of our contributors aren't highly technical.
Some don't even know what a private key is. They just follow the docs on
the website and get access to contribute. Not everyone is a packager.
OK, but then you
On Wed, 2011-10-12 at 22:34 +0200, Tomas Mraz wrote:
Unnecessary work is kind of punishment.
BTW what prevents the people who do not care about their SSH private key
security to upload their new SSH key to a compromised system immediately
after their generate it again?
Nothing prevents them
On Wed, 2011-10-12 at 16:27 -0400, Simo Sorce wrote:
On Wed, 2011-10-12 at 12:55 -0700, Adam Williamson wrote:
On Wed, 2011-10-12 at 21:45 +0200, Tomas Mraz wrote:
That's a nonsense. Simply said. If I have a properly generated random
ssh private key with a strong passphrase that I
On Wed, 2011-10-12 at 22:50 +0200, Pierre-Yves Chibon wrote:
On Wed, 2011-10-12 at 16:27 -0400, Simo Sorce wrote:
On Wed, 2011-10-12 at 12:55 -0700, Adam Williamson wrote:
On Wed, 2011-10-12 at 21:45 +0200, Tomas Mraz wrote:
That's a nonsense. Simply said. If I have a properly
Kevin Fenzi writes:
New Password Rules:
* Nine or more characters with lower and upper case letters, digits and
punctuation marks.
* Ten or more characters with lower and upper case letters and digits.
* Twelve or more characters with lower case letters and digits
* Twenty or more characters
ons 2011-10-12 klockan 14:59 -0500 skrev Mike McGrath:
1) People share keys across different projects.
Yes.
2) We've found PRIVATE keys on our servers
Which should lead to immediate account suspension, no matter if that key
is the Fedora key or some other key.
And in reality it's not
1 - 100 of 145 matches
Mail list logo