In wake of Kernel.org
, The Linux Foundation
, and WineHQ
being compromised, the Fedora Project has mandated new security changes.
While the Red Hat / Fedora Project infrastructure has not been compromised, it's been decided that all users of the Fedora Account System must change their password and upload a new SSH public key prior to month's end. For users not changing out their password and SSH key, their accounts will be marked inactive.
"This change event has NOT been triggered by any specific compromise or vulnerability in Fedora Infrastructure. Rather, we believe, due to the large number of high profile sites with security breaches in recent months, that this is a great time for all Fedora contributors and users to review their security settings and move to "best practices" on their machines. Additionally, we are putting in place new rules for passwords to make them harder to guess."
New Fedora passwords must be nine or more (lower and upper case) characters and include letters, digits, and punctuation marks. If wishing to do away with punctuation marks in the password, it must be ten or more upper and lower case characters and digits. If your password is at least 20 characters long, you can get away with all letters that are lower-case.
In the mailing list message
announcing these security changes, various other security precautions and recommendations are also laid out.