On Mon, 30 Mar 2009, Mike McGrath wrote: > For those not on the announce list: > > https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.html > Oh! I forgot something too, I've been waiting for this to go out so we could discuss authentication mechanisms. Passwords + ssh keys just aren't the most secure method of authentication. Our policy on private keys is pretty clear now but there's always room for improvement. So I'm not quite sure how to 'fix' this problem. By that I mean, even if we knew this attack was going to happen I'm not totally sure of a feasible solution, using only free software, that we could have used to fix it. Obviously a physical rsa key or the like would have worked but I don't think we have the manpower nor budget to implement such a system. So I ask the list, any ideas? -Mike _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
