[Python-Dev] heads up on svn.python.org ssh keys - debian/ubuntu users may need new ones
"Martin v. Löwis"
martin at v.loewis.de
Wed May 14 01:12:51 CEST 2008
> If you generated your python subversion ssh key during this time on a
> machine fitting the description above, please consider replacing your
> keys.
>
> apt-get update ; apt-get upgrade on debian will provide you with a
> ssh-vulnkey program that can be used to test if your ssh keys are
> valid or not.
I'll ping all committers for which ssh-vulnkey reports COMPROMISED.
I personally don't think the threat is severe - unless people also
published their public SSH keys somewhere, there is little chance that
somebody can break in by just guessing them remotely - you still need
to try a lot of combinations for user names and passwords, plus with
subversion, we'll easily recognize doubtful checkins (as we do even
if the committer is legitimate :-).
Regards,
Martin
More information about the Python-Dev
mailing list