Isn't it interesting how we have all this public-key infrastructure to secure all these key projects -- but every few years we throw it all out the window and start over -- based on insecure email messages!
> However if you don't replace the certs you will not have access to
> cvs or the buildsystem. they are using only the new certs and
> checking the crl.

This sounds even fishier to me. Let's suppose the servers were broken into and severely compromised. (*) What could the miscreants have done that would invalidate every end-user's existing client certificate? There was no break-in to the clients. Why should the clients need to replace anything? Has the server lost its ability to validate the signature on the client certs?

There may be large amounts of hassle coming for every Fedora end-user who wants to be able to download only signed packages (if, out of what they describe as an abundance of caution, Fedora changes the signing key for the whole distro). But why also make unnecessary(**) hassle for every Fedora developer?

John

(*) The last posting on the subject, https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html says rather that it was a relatively minor intrusion -- but let's assume an even worse one.

(**) It's hard for the external community to know what's necessary and what's unnecessary, since the core team is only letting small amounts of info trickle out, in odd orders (like "change all your client certs" before "here's why").

_______________________________________________
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel