[Python-Dev] heads up on svn.python.org ssh keys - debian/ubuntu users may need new ones (original) (raw)
Barry Warsaw barry at python.org
Wed May 14 03:37:32 CEST 2008
- Previous message: [Python-Dev] heads up on svn.python.org ssh keys - debian/ubuntu users may need new ones
- Next message: [Python-Dev] Committing bsddb 4.6.4, and where can I put testsuite temp files?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On May 13, 2008, at 7:12 PM, Martin v. Löwis wrote:
If you generated your python subversion ssh key during this time on a machine fitting the description above, please consider replacing your keys.
apt-get update ; apt-get upgrade on debian will provide you with a ssh-vulnkey program that can be used to test if your ssh keys are valid or not. I'll ping all committers for which ssh-vulnkey reports COMPROMISED. I personally don't think the threat is severe - unless people also published their public SSH keys somewhere, there is little chance that somebody can break in by just guessing them remotely - you still need to try a lot of combinations for user names and passwords, plus with subversion, we'll easily recognize doubtful checkins (as we do even if the committer is legitimate :-).
It's also probably worth checking the keys for everyone who has shell
access on the python.org machines.
- -Barry
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin)
iQCVAwUBSCpCXHEjvBPtnXfVAQLy5gP+MZJ7/RKDqw9QKvNr9rlGm7GjOBkuWR3B UA91clzb4Iuy+51+V4B3iUcdmwGtpfYum8/2+1/qpi7abO/IiIQvvOKczQzkv5XL ALh59zR2iiBuNg1BVW0JPdkyNt6qr2oe8kKdUZfyrwRSKIukX+e40Oa+1zvfp0E7 9AumiqMUCtI= =EXC8 -----END PGP SIGNATURE-----
- Previous message: [Python-Dev] heads up on svn.python.org ssh keys - debian/ubuntu users may need new ones
- Next message: [Python-Dev] Committing bsddb 4.6.4, and where can I put testsuite temp files?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]