Kees- * May I ask for your opinion? * Do we want it to remain non-trivial to add public keys to authorized_keys? Is there a security reason for doing so? * Is this ssh-import-id utility just a bad idea? * Do you have security concerns about the key retrieval method? * Is SSL and/or Launchpad unsuitable for this sort of thing? * Would there be any reason to force the client to authenticate with the server too? (I'd think not, as this is a public key, and an open URI). * Is it inadvisable to put such a utility in /usr/bin such that it's discoverable in the default path? Would it be better to hide it away in /usr/lib or something? * Is openssh-server the right/wrong place for this utility? Does the answer to that question change whether we're talking about Lucid or Lucid+1? * Does this open up new opportunities for abuse somehow?
:-Dustin ** Summary changed: - ssh-import-id - retrieve a key from a public keyserver and add to the authorized_keys file + ssh-import-id: retrieve a key from a public keyserver and add to the authorized_keys file -- ssh-import-id: retrieve a key from a public keyserver and add to the authorized_keys file https://bugs.launchpad.net/bugs/524226 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs