On Wed, 2011-10-12 at 22:34 +0200, Tomas Mraz wrote: > Unnecessary work is kind of punishment. > > BTW what prevents the people who do not care about their SSH private key > security to upload their new SSH key to a compromised system immediately > after their generate it again? Nothing prevents them from doing it. But this action, here, today, is trying to stave off risk from PAST compromises of others systems. It is not trying to stave off FUTURE compromises. It's like changing your house locks if you lose your keys. Nothing keeps you from losing your keys again - but you're completely certain that the old keys are useless now. To be clear - this not the only measures we're taking. We're trying to enhance our security posture so we can be better able to deal with what appears to now be a commonplace event in the open source development world. -sv -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
