-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On May 13, 2008, at 7:12 PM, Martin v. Löwis wrote: >> If you generated your python subversion ssh key during this time on a >> machine fitting the description above, please consider replacing your >> keys. >> >> apt-get update ; apt-get upgrade on debian will provide you with a >> ssh-vulnkey program that can be used to test if your ssh keys are >> valid or not. > > I'll ping all committers for which ssh-vulnkey reports COMPROMISED. > > I personally don't think the threat is severe - unless people also > published their public SSH keys somewhere, there is little chance that > somebody can break in by just guessing them remotely - you still need > to try a lot of combinations for user names and passwords, plus with > subversion, we'll easily recognize doubtful checkins (as we do even > if the committer is legitimate :-). It's also probably worth checking the keys for everyone who has shell access on the python.org machines. - -Barry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) iQCVAwUBSCpCXHEjvBPtnXfVAQLy5gP+MZJ7/RKDqw9QKvNr9rlGm7GjOBkuWR3B UA91clzb4Iuy+51+V4B3iUcdmwGtpfYum8/2+1/qpi7abO/IiIQvvOKczQzkv5XL ALh59zR2iiBuNg1BVW0JPdkyNt6qr2oe8kKdUZfyrwRSKIukX+e40Oa+1zvfp0E7 9AumiqMUCtI= =EXC8 -----END PGP SIGNATURE-----
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4