updated SSH key
Jon Turney
jon.turney@dronecode.org.uk
Fri Feb 21 15:20:00 GMT 2020
On 20/02/2020 21:35, Schulman, Andrew via cygwin-apps wrote:
> Thanks!
>
> I was just sitting here thinking about the merits of verifying a new
> key request like that by some kind of secure signature system, versus
> just posting the request on a public mailing list, and having a human
> acknowledge to the developer's previously known email address. I have
> to say, I can't see much more security benefit from the first method,
> that would justify the extra hassle. The second method is pleasantly
> simple.
Yeah, it would be nice to have something like SSKM [1], but our gitolite
usage is sufficiently non-standard that would need some hacking on to fit.
And that doesn't help with initial keys, and people who've lost their
key (who we're presumably going to trust an email from), so given the
small number of keys we're dealing with, it's hard to see it's worth the
effort.
[1] https://gitolite.com/gitolite/contrib/sskm.html
More information about the Cygwin-apps
mailing list