On Wed, 2011-10-12 at 22:13 +0200, Tomas Mraz wrote: > > > > You have to remember, lots of our contributors aren't highly technical. > > Some don't even know what a private key is. They just follow the docs on > > the website and get access to contribute. Not everyone is a packager. > > OK, but then you should not penalize also the people who keep their SSH > private keys only on safe private computers. > What can we do there? We can't separate out those with good practices and those without. And to be completely fair - I know of some interesting cases where very trusted and competent people who practiced safe security behaviors just made a mistake they didn't notice. These are smart, capable people who simply made a mistake. If you were to speak to them you would say "they have their stuff together, no way they would make a mistake like this" But they did. It happens. -sv -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
