Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://mail.python.org/pipermail/python-dev/2008-May/079411.html below:

[Python-Dev] heads up on svn.python.org ssh keys

• Previous message: [Python-Dev] heads up on svn.python.org ssh keys - debian/ubuntu users may need new ones
• Next message: [Python-Dev] heads up on svn.python.org ssh keys - debian/ubuntu users may need new ones
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> If you generated your python subversion ssh key during this time on a
> machine fitting the description above, please consider replacing your
> keys.
> 
> apt-get update ; apt-get upgrade on debian will provide you with a
> ssh-vulnkey program that can be used to test if your ssh keys are
> valid or not.

I'll ping all committers for which ssh-vulnkey reports COMPROMISED.

I personally don't think the threat is severe - unless people also
published their public SSH keys somewhere, there is little chance that
somebody can break in by just guessing them remotely - you still need
to try a lot of combinations for user names and passwords, plus with
subversion, we'll easily recognize doubtful checkins (as we do even
if the committer is legitimate :-).

Regards,
Martin

• Previous message: [Python-Dev] heads up on svn.python.org ssh keys - debian/ubuntu users may need new ones
• Next message: [Python-Dev] heads up on svn.python.org ssh keys - debian/ubuntu users may need new ones
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4