[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVS server key

From: Geraint Paul Bevan
Subject: Re: CVS server key
Date: Sun, 10 Oct 2004 22:14:54 +0100
User-agent: Mozilla Thunderbird 0.5 (X11/20040306)

Hash: SHA1

Jon H. Davis wrote:
| On Sun, 2004-10-10 at 05:42, Francesco Potorti` wrote:
|>>change.  I have not posted the host key anywhere.  Where should I post
|>>the host key?
|>Why not on this list?
|     Why is there any need to do anything? The ssh client tells you when
| the host key changes, and offers to update your .ssh files after giving
| you the warning that it has changed. End of story.

It was that notification from the ssh client that started this topic.

Before ever connecting to the CVS server on, the client's
hosts file doesn't know the correct key. Ideally, a user should be able
to check that they are communicating with the real server before
downloading, compiling and then executing the code.

Whenever the key changes, the client can notify you that the key has
changed, but it can't tell you *why* - whether it is due to a hardware
change (as in this case) or an attacker. A message to this mailing list
would certainly solve the problem in this second case.

- --
Geraint Bevan

Version: GnuPG v1.2.4 (GNU/Linux)


Octave is freely available under the terms of the GNU GPL.

Octave's home on the web:
How to fund new projects:
Subscription information:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]