On Mon, Dec 25, 2000 at 09:27:49PM -0800, David O'Brien wrote:
> On Mon, Dec 25, 2000 at 08:29:01PM -0800, Kris Kennaway wrote:
> >
> > Umm, are you actually talking about real incidents here, or just
> > spreading FUD?
>
> REAL incidents. Please remember I've been a committer longer you have.
This has nothing to do with it, since both of the times you are
referring to are well after I became a committer.
> > The last two times a freebsd.org host key has been changed, that I am
> > aware of, a signed message has been sent about it confirming the new
> > key.
>
> Uh no. Both of those times that a message was sent out, it wasn't even
> signed (Internet on 10 May 2000 and Freefall on 16 May 2000). Hop on
> over the the archives on hub.freebsd.org and get your facts straight.
> The Internat change didn't even list the new key. And the best we've
> ever done is in the "HEADS UP: New host key for freefall!" thread started
> by Peter Wemm on Tue, 16 May 2000 23:26:33.
Bollocks.
Since you insist, please check the following message IDs which contain
PGP signed confirmations of the changed keys. The freefall one
especially was just a mixup in timing, not an oversight or gap in
policy:
Message-Id: <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
So I say again, please stop spreading FUD and making it sound like
FreeBSD admins routinely change SSH keys without warning or
confirmation. It has happened once in the last year, and the new key
was authoritatively confirmed very quickly thereafter.
Kris
PGP signature
