[Systems] [Fwd: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30]
luke at faraone.cc
Wed Oct 12 22:10:42 EDT 2011
On 10/12/2011 01:30 PM, Bernie Innocenti wrote:
> All existing users of the Fedora Account System (FAS) at
> https://admin.fedoraproject.org/accounts are required to change their
> password and upload a NEW ssh public key before 2011-11-30.
> Failure to do so may result in your account being marked inactive.
> Passwords changed and NEW ssh public keys uploaded after 2011-10-10
> will meet this requirement.
> Backgound and reasoning:
> This change event has NOT been triggered by any specific compromise or
> vulnerability in Fedora Infrastructure. Rather, we believe, due to the
> large number of high profile sites with security breaches in recent
> months, that this is a great time for all Fedora contributors and users
> to review their security settings and move to "best practices" on their
> machines. Additionally, we are putting in place new rules for passwords
> to make them harder to guess.
Seems sensible. We should really also require people with access to
Sugar Labs machines have GPG keys in the strong set, IMHO.
> New Password Rules:
> * Nine or more characters with lower and upper case letters, digits and
> punctuation marks.
> * Ten or more characters with lower and upper case letters and digits.
> * Twelve or more characters with lower case letters and digits
> * Twenty or more characters with all lower case letters.
> * No maximum length.
No issues here.
Luke Faraone;; Debian & Ubuntu Developer; Sugar Labs, Systems
lfaraone on irc.[freenode,oftc].net -- http://luke.faraone.cc
PGP fprint: 5189 2A7D 16D0 49BB 046B DC77 9732 5DD8 F9FD D506
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: OpenPGP digital signature
More information about the Systems