Ignacio Vazquez-Abrams wrote:
On Sun, 2008-09-21 at 17:12 +1000, David Timms wrote:
Hi, I've recently been trying to do package development from my notebook
PC, rather than my desktop PC {which has all the ssh certs,
own/fedora/fedara certs, and the client side certificate}.
To use a second development machine is it necessary and sufficient to:
cp from my account on original desktop:
- .ssh/id_rsa.pub
Not required unless you want to set up other machines for entry with the
same key.
Isn't this required to be uploaded to fas so that cvs commits can work ?
[Oh, since public is already uploaded, I don't need it again unless the
key is regenerated {and then it's a new public key}] ?
Don't you then need at least the private key on the second machine ?
If I have all the same key/certs on the notebook, what are the security
implications if the machine is stolen {and obtained by someone with
malicious ideas} etc ?
1) Your passphrase can be brute-forced, thereby possibly gaining some
knowledge about your passphrases in general.
So make sure you used a strong passphrase ?
Or is that not enough ?
2) Someone can act as you in koji, both in the browser and in the
command line ("Beware criminals requeueing packages").
Which id parts are used by cvs, koji, bodhi ?
DaveT.
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
