Re: package maintenance from multiple PCs ?

On Mon, 2008-09-22 at 08:25 +1000, David Timms wrote:
> Ignacio Vazquez-Abrams wrote:
> > On Sun, 2008-09-21 at 17:12 +1000, David Timms wrote:
> >> Hi, I've recently been trying to do package development from my notebook 
> >>   PC, rather than my desktop PC {which has all the ssh certs, 
> >> own/fedora/fedara certs, and the client side certificate}.
> >>
> >> To use a second development machine is it necessary and sufficient to:
> >> cp from my account on original desktop:
> > 
> >> - .ssh/id_rsa.pub
> > 
> > Not required unless you want to set up other machines for entry with the
> > same key.
> Isn't this required to be uploaded to fas so that cvs commits can work ?

Once.

> [Oh, since public is already uploaded, I don't need it again unless the 
> key is regenerated {and then it's a new public key}] ?

Correct.

> Don't you then need at least the private key on the second machine ?

Yes. But .pub is the public key.

> >> If I have all the same key/certs on the notebook, what are the security 
> >> implications if the machine is stolen {and obtained by someone with 
> >> malicious ideas} etc ?
> > 
> > 1) Your passphrase can be brute-forced, thereby possibly gaining some
> > knowledge about your passphrases in general.
> So make sure you used a strong passphrase ?
> Or is that not enough ?

Just don't use predictable patterns across the board, such as "family
members' names with the second letter 1337-ized and the fourth letter
capitalized", etc. Or if you *are* going to use a predictable pattern,
make the pattern "ludicrously long/complex passwords".

> > 2) Someone can act as you in koji, both in the browser and in the
> > command line ("Beware criminals requeueing packages").
> Which id parts are used by cvs, koji, bodhi ?

I'm not certain about this, but cvs is your ssh key, koji is your SSL
cert, and I'm not sure what bodhi uses.

-- 
Ignacio Vazquez-Abrams <ivazqueznet@xxxxxxxxx>

PLEASE don't CC me; I'm already subscribed

Attachment: signature.asc
Description: This is a digitally signed message part

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
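
The thread above concerns copying a private key (and client cert) to a notebook, where a passphrase is the only barrier if the machine is stolen. As an added example (not part of the original thread), this Python sketch reports whether each private-key block in a file is passphrase-protected and whether the file is readable by group/other. It goes beyond the thread's `id_rsa` case by also handling PKCS#8 and the newer OpenSSH key format; the function names and the sample key header are constructed for illustration.

```python
import base64
import os
import re
import stat
import struct
import sys

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.S)
OPENSSH_MAGIC = b"openssh-key-v1\0"

def key_protection(pem_text):
    """Return [(pem_label, 'encrypted' | 'plaintext')] for each private key block."""
    results = []
    for label, body in PEM_RE.findall(pem_text):
        if label == "OPENSSH PRIVATE KEY":
            # New OpenSSH format: magic, then a length-prefixed cipher name.
            blob = base64.b64decode("".join(body.split()))
            if not blob.startswith(OPENSSH_MAGIC):
                raise ValueError("not an openssh-key-v1 blob")
            off = len(OPENSSH_MAGIC)
            (n,) = struct.unpack(">I", blob[off:off + 4])
            cipher = blob[off + 4:off + 4 + n]
            state = "plaintext" if cipher == b"none" else "encrypted"
        elif label == "ENCRYPTED PRIVATE KEY":      # PKCS#8, encrypted
            state = "encrypted"
        elif re.search(r"^Proc-Type: 4,ENCRYPTED\s*$", body, re.M):
            state = "encrypted"                     # legacy PEM with passphrase
        else:
            state = "plaintext"
        results.append((label, state))
    return results

def audit_file(path):
    """Report key blocks in one file and whether group/other can access it."""
    with open(path, encoding="ascii", errors="replace") as fh:
        keys = key_protection(fh.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {"keys": keys, "mode": oct(mode), "loose_mode": bool(mode & 0o077)}

# Constructed sample: header of a passphrase-protected legacy key (body is filler).
SAMPLE_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                    "QUJDREVGR0g=\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(key_protection(SAMPLE_ENCRYPTED))
    for path in sys.argv[1:]:   # e.g. ~/.ssh/id_rsa
        print(path, audit_file(path))
```

Certificate blocks in the same file are ignored, so a combined cert-plus-key PEM file can be passed as well.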
