Fedora To Implement Security Changes
Posted by Michael Larabel on October 12, 2011
In wake of Kernel.org, The Linux Foundation, and WineHQ being compromised, the Fedora Project has mandated new security changes.
While the Red Hat / Fedora Project infrastructure has not been compromised, it's been decided that all users of the Fedora Account System must change their password and upload a new SSH public key prior to month's end. For users not changing out their password and SSH key, their accounts will be marked inactive.
"This change event has NOT been triggered by any specific compromise or vulnerability in Fedora Infrastructure. Rather, we believe, due to the large number of high profile sites with security breaches in recent months, that this is a great time for all Fedora contributors and users to review their security settings and move to "best practices" on their machines. Additionally, we are putting in place new rules for passwords to make them harder to guess."
New Fedora passwords must be nine or more (lower and upper case) characters and include letters, digits, and punctuation marks. If wishing to do away with punctuation marks in the password, it must be ten or more upper and lower case characters and digits. If your password is at least 20 characters long, you can get away with all letters that are lower-case.
In the mailing list message announcing these security changes, various other security precautions and recommendations are also laid out.
While the Red Hat / Fedora Project infrastructure has not been compromised, it's been decided that all users of the Fedora Account System must change their password and upload a new SSH public key prior to month's end. For users not changing out their password and SSH key, their accounts will be marked inactive.
"This change event has NOT been triggered by any specific compromise or vulnerability in Fedora Infrastructure. Rather, we believe, due to the large number of high profile sites with security breaches in recent months, that this is a great time for all Fedora contributors and users to review their security settings and move to "best practices" on their machines. Additionally, we are putting in place new rules for passwords to make them harder to guess."
New Fedora passwords must be nine or more (lower and upper case) characters and include letters, digits, and punctuation marks. If wishing to do away with punctuation marks in the password, it must be ten or more upper and lower case characters and digits. If your password is at least 20 characters long, you can get away with all letters that are lower-case.
In the mailing list message announcing these security changes, various other security precautions and recommendations are also laid out.
Discuss this article in our forums, IRC channel, or email the author. You can also follow our content via RSS and on social networks like Facebook, Identi.ca, and Twitter (@Phoronix and @MichaelLarabel). Subscribe to Phoronix Premium to view our content without advertisements, view entire articles on a single page, and experience other benefits.
Copyright © 2004 - 2013 by Phoronix Media.
All trademarks used are properties of their respective owners. All rights reserved. Legal Disclaimer & Disclosure.
Powered by the Phoronix Content Management System (PHXCMS-7.4).
All trademarks used are properties of their respective owners. All rights reserved. Legal Disclaimer & Disclosure.
Powered by the Phoronix Content Management System (PHXCMS-7.4).