> Mail-Followup-To: [EMAIL PROTECTED] (Heh, eew)
On Fri, May 30, 2008 at 08:52:02PM +0200, Raphael Hertzog wrote:
> The news are collected on http://wiki.debian.org/DeveloperNews
> Feel free to contribute.
>
> ~/.ssh/authorized_keys will remain disabled by default
> ------------------------------------------------------
> Peter Palfrader announced on debian-infrastructure-announce[1] that DSA
> will not reenable the usage of ~/.ssh/authorized_keys. One should use the
> official LDAP infrastructure[2] to setup key-based SSH connection to
> debian.org machines. There's an exception however, quoting Peter:
> > Should you need keys only on specific hosts for automated tasks like
> > updating stuff or syncing files between project machines or similar
> > we can enable a user editable authorized_keys file for specific users
> > on specific hosts. Usually we would expect those keys to be limited
> > to use only from certain hosts (using from="<xyz>") and limited to
> > allow execution of only certain commands (using command="<foobar>").
> > Contact DSA if you have such a case.

I think this is a great example of why announcements like this should be
sent to debian-devel-announce in the first place, instead of being relegated
to the debian-infrastructure-announce list that most developers aren't
subscribed to.

 - it's going to end up on d-d-a anyway because it's of sufficiently general
   concern that someone will forward it there
 - d-d-a is the list that all developers are supposed to be subscribed to,
   which means that's the list where announcements of general interest
   *should* go.

Peter, please don't fragment our news feeds in this manner. At least provide
this kind of information on *both* announcement lists, instead of hiding it
only on the infrastructure-announce list among other messages that don't
generally affect developers.

This is information that does need to go to /all/ developers, not just to
the infrastructure-announce list, because it's not just a maintenance
notification - it's a policy change that affects how all developers interact
with the project resources.

Also, could someone please elaborate on what:

  The use of ~user/.ssh/authorized_keys files has been disabled since
  DSA1571 was announced. While our initial plan was to allow them again
  eventually some bad experience with DDs' key handling has led us to
  reconsider that intent.

... that means? What bad key handling was seen that warrants such a policy
change?

--
Steve Langasek
Debian Developer
Ubuntu Developer
Give me a lever long enough and a Free OS to set it on, and I can move the world.
http://www.debian.org/
[EMAIL PROTECTED] [EMAIL PROTECTED]
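
The exception quoted in the message expects per-host automation keys to be limited with from= and command= options. As an added example (not part of the original message and not DSA's tooling), the following Python code audits authorized_keys entries and reports keys that lack either restriction; the function names, paths and sample entries are constructed for illustration.

```python
import re

# An entry with no options field starts directly with the key type.
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")
# One option: bare characters and/or double-quoted strings (may hold commas).
OPTION = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')

def split_options(line):
    """Return (options_dict, rest_of_entry) for one authorized_keys line."""
    if KEY_TYPE.match(line):
        return {}, line
    in_quotes, i = False, 0
    while i < len(line):  # find first whitespace outside double quotes
        ch = line[i]
        if ch == "\\" and in_quotes and i + 1 < len(line):
            i += 2  # skip an escaped character inside a quoted value
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            break
        i += 1
    opts = {}
    for item in OPTION.findall(line[:i]):
        name, _, value = item.partition("=")
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        opts[name.lower()] = value
    return opts, line[i:].strip()

def audit(text):
    """Return [(line_no, [missing restrictions])] for under-restricted keys."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts, _ = split_options(line)
        missing = [o for o in ("from", "command") if not opts.get(o)]
        if missing:
            findings.append((no, missing))
    return findings

# Constructed sample file; key material is placeholder text, not real keys.
SAMPLE = '''\
# automation keys on a project host (constructed)
from="192.0.2.10",command="/usr/local/bin/sync-mirror" ssh-ed25519 AAAAC3PLACEHOLDER sync@host-a
command="/usr/local/bin/update-stuff",no-pty ssh-rsa AAAAB3PLACEHOLDER update@host-b
ssh-ed25519 AAAAC3PLACEHOLDER user@laptop
from="192.0.2.10,192.0.2.11",command="rsync --server --sender . /srv/data" ssh-ed25519 AAAAC3PLACEHOLDER rsync@host-c
'''

if __name__ == "__main__":
    for line_no, missing in audit(SAMPLE):
        print(f"line {line_no}: missing {', '.join(missing)}")
```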