On Wed, 2011-10-12 at 11:41 -0600, Kevin Fenzi wrote: > On Wed, 12 Oct 2011 13:30:19 -0400 > Jeff Layton <jlayton@xxxxxxxxxx> wrote: > > > I have a question not covered here: I just changed my ssh key a week > > or two ago in the wake of the kernel.org compromise... > > > > Is my new key sufficient? I really don't want to have to re-distribute > > my key to all of the various servers again. > > Well, we talked about this some, but we don't have fingerprints from > several weeks ago to check people against to confirm they uploaded a > new key. > > Would it be possible for you to just make a new fedora only key? Can you stop asking useless security theater measures instead ? My ssh keys are fine and I see no reason to change them for you. If all projects I participate in were to ask me to change my keys I would end up with a mess of different keys for absolutely no reason. I have no problem with changing the password, but leave my ssh keys alone, unless there is a real reason to ask people to change them. Simo. -- Simo Sorce * Red Hat, Inc * New York -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
