package maintenance from multiple PCs ?
Ignacio Vazquez-Abrams
ivazqueznet at gmail.com
Mon Sep 22 01:28:16 UTC 2008
On Mon, 2008-09-22 at 08:25 +1000, David Timms wrote:
> Ignacio Vazquez-Abrams wrote:
> > On Sun, 2008-09-21 at 17:12 +1000, David Timms wrote:
> >> Hi, I've recently been trying to do package development from my notebook
> >> PC, rather than my desktop PC {which has all the ssh certs,
> >> own/fedora/fedara certs, and the client side certificate}.
> >>
> >> To use a second development machine is it necessary and sufficient to:
> >> cp from my account on original desktop:
> >
> >> - .ssh/id_rsa.pub
> >
> > Not required unless you want to set up other machines for entry with the
> > same key.
> Isn't this required to be uploaded to fas so that cvs commits can work ?
Once.
> [Oh, since public is already uploaded, I don't need it again unless the
> key is regenerated {and then it's a new public key}] ?
Correct.
> Don't you then need at least the private key on the second machine ?
Yes. But .pub is the public key.
> >> If I have all the same key/certs on the notebook, what are the security
> >> implications if the machine is stolen {and obtained by someone with
> >> malicious ideas} etc ?
> >
> > 1) Your passphrase can be brute-forced, thereby possibly gaining some
> > knowledge about your passphrases in general.
> So make sure you used a strong passphrase ?
> Or is that not enough ?
Just don't use predictable patterns across the board, such as "family
members' names with the second letter 1337-ized and the fourth letter
capitalized", etc. Or if you *are* going to use a predictable pattern,
make the pattern "ludicrously long/complex passwords".
> > 2) Someone can act as you in koji, both in the browser and in the
> > command line ("Beware criminals requeueing packages").
> Which id parts are used by cvs, koji, bodhi ?
I'm not certain about this, but cvs is your ssh key, koji is your SSL
cert, and I'm not sure what bodhi uses.
--
Ignacio Vazquez-Abrams <ivazqueznet at gmail.com>
PLEASE don't CC me; I'm already subscribed
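The thread's point about a stolen notebook comes down to how the private key file is protected at rest. The following is an added example, not part of the original message: a sketch that reports whether an SSH private key is passphrase-encrypted, covering the legacy PEM format current when this thread was written and, going beyond the thread, the later openssh-key-v1 format. The function names and the sample key texts are constructed for illustration and contain no real key material.

```python
import base64
import struct
MAGIC = b"openssh-key-v1\x00"

def _ssh_str(b):
    """Encode one SSH wire-format string (uint32 length + bytes)."""
    return struct.pack(">I", len(b)) + b

def _read_str(buf, off):
    """Decode one SSH wire-format string, returning (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_protection(pem_text):
    """Report how an SSH private key file is protected at rest."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN") and "PRIVATE KEY" in lines[0]):
        raise ValueError("not a private key file")
    body = lines[1:-1]
    if "OPENSSH PRIVATE KEY" in lines[0]:
        blob = base64.b64decode("".join(body))
        if not blob.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        cipher, off = _read_str(blob, len(MAGIC))
        kdf, off = _read_str(blob, off)
        opts, off = _read_str(blob, off)
        if cipher == b"none":
            return {"encrypted": False}
        info = {"encrypted": True, "cipher": cipher.decode(), "kdf": kdf.decode()}
        if kdf == b"bcrypt":  # kdfoptions = string salt, uint32 rounds
            _salt, o = _read_str(opts, 0)
            (info["rounds"],) = struct.unpack_from(">I", opts, o)
        return info
    if "ENCRYPTED PRIVATE KEY" in lines[0]:  # PKCS#8 wrapper
        return {"encrypted": True, "kdf": "pkcs8"}
    # Legacy PEM: encryption is announced by headers before the base64 body.
    headers = dict(l.split(":", 1) for l in body if ":" in l)
    if headers.get("Proc-Type", "").strip() == "4,ENCRYPTED":
        cipher = headers.get("DEK-Info", "").split(",")[0].strip()
        return {"encrypted": True, "cipher": cipher, "kdf": "legacy-pem"}
    return {"encrypted": False}

# Constructed samples: headers only, no real key material.
_hdr = MAGIC + _ssh_str(b"aes256-ctr") + _ssh_str(b"bcrypt")
_hdr += _ssh_str(_ssh_str(b"\x00" * 16) + struct.pack(">I", 16))
SAMPLE_NEW = ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(_hdr).decode()
              + "\n-----END OPENSSH PRIVATE KEY-----\n")
SAMPLE_OLD = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")
SAMPLE_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
```

A result of `{"encrypted": False}` for a key that is about to be copied to a portable machine is the case to fix first, by setting a passphrase on that key before it leaves the desktop.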