On Mon, 2011-10-10 at 10:40 -0600, Kevin Fenzi wrote:
> ok, after folding in changes, I have the following draft.
> Comments/corrections/etc welcome.
>
> DRAFT-DRAFT-DRAFT
>
> Subject: IMPORTANT: Manditory password and ssh key change by 2011-11-30
^^^^^^^^^ Mandatory.
>
> Summary:
>
> All existing users of the Fedora Account System (FAS) at
> https://admin.fedoraproject.org/accounts are required to change their
> password and upload a NEW ssh public key by 2011-11-30. Failure to do so
> may result in your account being marked inactive.
>
> Backgound and reasoning:
>
> This change event has NOT been triggered by any specific compromise or
> vulnerability in Fedora Infrastructure. Rather, we believe, due to the
> large number of high profile sites with security breaches in recent
> months, that this is a great time for all Fedora contributors and users
> to review their security settings and move to "best practices" on their
> machines. Additionally, we are putting in place new rules for passwords
> to increase their entropy and make them harder to guess.
maybe dump the 'entropy' as some of our users are going to be lost
there.
maybe: "Additionally, we are putting in place new rules for passwords to
make them harder to guess."
-sv
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
