[python-committers] SSH fingerprint

Eric V. Smith eric at trueblade.com
Tue Mar 26 13:56:43 CET 2013


On 3/26/2013 8:39 AM, Roger Serwy wrote:
> 
>> Well if a MITM attacker tries to use your ssh access to do anything nasty,
>> another developer will probably notice quite quickly.
>> (the only "nasty thing" the ssh access allows you to do is "hg push",
>> IIRC; still, that can trigger code execution on the buildbots)
>>
>>
> Sure, but it would be better to actually have the fingerprints to avoid
> the MITM attack altogether.

I completely agree. "We'll notice the damage" is not a great reason to
avoid publishing the fingerprints.

> Can someone log into hg.python.org and get the public keys for the server?

Not me. But from my hosts, I get:
RSA key fingerprint is ec:98:fe:7b:e1:0f:88:c5:93:37:83:64:a4:cc:aa:01.

-- 
Eric.

