[Systems] [Fwd: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30]

[Luke Faraone]

On 10/12/2011 01:30 PM, Bernie Innocenti wrote:
> All existing users of the Fedora Account System (FAS) at 
> https://admin.fedoraproject.org/accounts are required to change their 
> password and upload a NEW ssh public key before 2011-11-30. 
> Failure to do so may result in your account being marked inactive. 
> Passwords changed and NEW ssh public keys uploaded after 2011-10-10 
> will meet this requirement. 
> 
> Backgound and reasoning: 
> 
> This change event has NOT been triggered by any specific compromise or 
> vulnerability in Fedora Infrastructure. Rather, we believe, due to the 
> large number of high profile sites with security breaches in recent
> months, that this is a great time for all Fedora contributors and users
> to review their security settings and move to "best practices" on their
> machines. Additionally, we are putting in place new rules for passwords
> to make them harder to guess. 

Seems sensible. We should really also require people with access to
Sugar Labs machines have GPG keys in the strong set, IMHO.

> New Password Rules: 
> 
> * Nine or more characters with lower and upper case letters, digits and
>   punctuation marks.
> * Ten or more characters with lower and upper case letters and digits.
> * Twelve or more characters with lower case letters and digits
> * Twenty or more characters with all lower case letters. 
> * No maximum length. 

No issues here.

-- 
Luke Faraone;; Debian & Ubuntu Developer; Sugar Labs, Systems
lfaraone on irc.[freenode,oftc].net -- http://luke.faraone.cc
PGP fprint: 5189 2A7D 16D0 49BB 046B DC77 9732 5DD8 F9FD D506

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.sugarlabs.org/private/systems/attachments/20111012/8f255f39/attachment.pgp>