package maintenance from multiple PCs ?

Nigel Jones dev at nigelj.com
Mon Sep 22 03:02:32 UTC 2008 

On Sun, 2008-09-21 at 21:28 -0400, Ignacio Vazquez-Abrams wrote:
> On Mon, 2008-09-22 at 08:25 +1000, David Timms wrote:
> > Ignacio Vazquez-Abrams wrote:
> > > On Sun, 2008-09-21 at 17:12 +1000, David Timms wrote:
> > >> Hi, I've recently been trying to do package development from my notebook 
> > >>   PC, rather than my desktop PC {which has all the ssh certs, 
> > >> own/fedora/fedara certs, and the client side certificate}.
> > >>
> > >> To use a second development machine is it necessary and sufficient to:
> > >> cp from my account on original desktop:
> > > 
> > >> - .ssh/id_rsa.pub
> > > 
> > > Not required unless you want to set up other machines for entry with the
> > > same key.
> > Isn't this required to be uploaded to fas so that cvs commits can work ?
> 
> Once.
> 
> > [Oh, since public is already uploaded, I don't need it again unless the 
> > key is regenerated {and then it's a new public key}] ?
> 
> Correct.
> 
> > Don't you then need at least the private key on the second machine ?
> 
> Yes. But .pub is the public key.
> 
> > >> If I have all the same key/certs on the notebook, what are the security 
> > >> implications if the machine is stolen {and obtained by someone with 
> > >> malicious ideas} etc ?
> > > 
> > > 1) Your passphrase can be brute-forced, thereby possibly gaining some
> > > knowledge about your passphrases in general.
> > So make sure you used a strong passphrase ?
> > Or is that not enough ?
> 
> Just don't use predictable patterns across the board, such as "family
> members' names with the second letter 1337-ized and the fourth letter
> capitalized", etc. Or if you *are* going to use a predictable pattern,
> make the pattern "ludicrously long/complex passwords".
> 
> > > 2) Someone can act as you in koji, both in the browser and in the
> > > command line ("Beware criminals requeueing packages").
> > Which id parts are used by cvs, koji, bodhi ?
> 
> I'm not certain about this, but cvs is your ssh key, koji is your SSL
> cert, and I'm not sure what bodhi uses.
Bodhi uses json over HTTPS (and your normal FAS password) iirc
> 
> -- 
> fedora-devel-list mailing list
> fedora-devel-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-devel-list
-- 
Nigel Jones <dev at nigelj.com>

More information about the fedora-devel-list mailing list