hey all...
not sure if this is the appropriate spot to share or not, but was the closest I could find "security @ fedora"....
while working on a project, I searched for "Fedora" ami images in the new-ish AWS region us-east-2 ("ohio"), and was pleasantly surprised to find the easily discoverable and recognizable ami "Fedora release 26 (ami-f3a18096)" (as well as a a "Fedora release 25".....)
upon booting, I was concerned to find an extra ssh authorized key in ~fedora/.ssh/authorized_keys, and soon realized this was _not_ a sanctioned Fedora release (as confirmed from https://alt.fedoraproject.org/cloud/).
While yes, this is my fault for not starting from a trusted reference to find a reliable AMI, I found this a pretty easy pit to fall into.
Don't know if there's a remedy, other than getting real Fedora images into the frontier AWS regions, but thought that I should share...
--b
_______________________________________________ security mailing list -- security@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to security-leave@xxxxxxxxxxxxxxxxxxxxxxx
