package maintenance from multiple PCs ?

Ignacio Vazquez-Abrams ivazqueznet at gmail.com
Mon Sep 22 01:28:16 UTC 2008


On Mon, 2008-09-22 at 08:25 +1000, David Timms wrote:
> Ignacio Vazquez-Abrams wrote:
> > On Sun, 2008-09-21 at 17:12 +1000, David Timms wrote:
> >> Hi, I've recently been trying to do package development from my notebook
> >> PC, rather than my desktop PC {which has all the ssh certs,
> >> own/fedora/fedara certs, and the client side certificate}.
> >>
> >> To use a second development machine is it necessary and sufficient to:
> >> cp from my account on original desktop:
> > 
> >> - .ssh/id_rsa.pub
> > 
> > Not required unless you want to set up other machines for entry with the
> > same key.
> Isn't this required to be uploaded to fas so that cvs commits can work ?

Once.

> [Oh, since public is already uploaded, I don't need it again unless the 
> key is regenerated {and then it's a new public key}] ?

Correct.

> Don't you then need at least the private key on the second machine ?

Yes. But .pub is the public key.

> >> If I have all the same key/certs on the notebook, what are the security 
> >> implications if the machine is stolen {and obtained by someone with 
> >> malicious ideas} etc ?
> > 
> > 1) Your passphrase can be brute-forced, thereby possibly gaining some
> > knowledge about your passphrases in general.
> So make sure you used a strong passphrase ?
> Or is that not enough ?

Just don't use predictable patterns across the board, such as "family
members' names with the second letter 1337-ized and the fourth letter
capitalized", etc. Or if you *are* going to use a predictable pattern,
make the pattern "ludicrously long/complex passwords".

> > 2) Someone can act as you in koji, both in the browser and in the
> > command line ("Beware criminals requeueing packages").
> Which id parts are used by cvs, koji, bodhi ?

I'm not certain about this, but cvs is your ssh key, koji is your SSL
cert, and I'm not sure what bodhi uses.

-- 
Ignacio Vazquez-Abrams <ivazqueznet at gmail.com>

PLEASE don't CC me; I'm already subscribed
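
The reply's point 1, that a stolen key file is protected only by its passphrase, can be checked per key file before copying it to a second machine. The following is an added example, not part of the original message: `classify_private_key` and `sample_openssh` are hypothetical names, the sample keys are constructed (structure only), and the check goes beyond the legacy PEM format of 2008 to also cover the newer `openssh-key-v1` container.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"
UNPROTECTED = ("none", "no passphrase: possession of the file is enough")

def classify_private_key(text):
    """Return (protection, detail) for the text of an SSH private key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return ("unknown", "not a PEM-armoured private key")
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return ("passphrase", "PKCS#8 encrypted container")
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            return ("unknown", "bad openssh-key-v1 magic")
        names, off = [], len(MAGIC)
        for _ in range(2):  # two length-prefixed strings: ciphername, kdfname
            (n,) = struct.unpack_from(">I", blob, off)
            names.append(blob[off + 4:off + 4 + n].decode("ascii"))
            off += 4 + n
        if names[0] == "none":
            return UNPROTECTED
        return ("passphrase", f"{names[0]}, kdf={names[1]}")
    # Legacy PEM: encryption is announced by RFC 1421-style headers.
    headers = {}
    for ln in lines[1:]:
        if ":" not in ln:  # blank line or base64 body ends the header block
            break
        key, value = ln.split(":", 1)
        headers[key.strip()] = value.strip()
    if headers.get("Proc-Type") == "4,ENCRYPTED":
        cipher = headers.get("DEK-Info", "?").split(",")[0]
        # The key is derived from the passphrase with one MD5 pass: guesses are cheap.
        return ("passphrase-fast-kdf", f"{cipher}, legacy PEM derivation")
    return UNPROTECTED

# Constructed samples (structure only, not real keys).
LEGACY_ENC = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: DES-EDE3-CBC,0011223344556677\n\nQUJDRA==\n"
              "-----END RSA PRIVATE KEY-----\n")
LEGACY_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nQUJDRA==\n-----END RSA PRIVATE KEY-----\n"

def sample_openssh(cipher, kdf):
    """Build a constructed openssh-key-v1 header with the given cipher and KDF names."""
    body = MAGIC + b"".join(struct.pack(">I", len(s)) + s for s in (cipher, kdf))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(body).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")
```

A result of `passphrase-fast-kdf` means the passphrase itself has to carry all the resistance to offline guessing, which is the case the reply's advice on long passphrases addresses.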