On Wed, 2011-10-12 at 21:07 +0200, Henrik Nordström wrote: > ons 2011-10-12 klockan 13:04 -0500 skrev Mike McGrath: > > > Lots of people use and share keys across different projects. > > There is no security issue in sharing kes across different projects, Sure there is. There's the exact same problem as using the same password across multiple projects: if someone compromises the key they have compromised all of those projects. If you use a different key for each project, an attacker can only compromise one project with any given key. Sure, ssh keys are much harder to compromise than passwords, but _assuming a compromise has happened_ the consequences of using a single key for everything are just as bad as using a single password for everything. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
