Sad to see another compromise of a Debian host machine. Sad because there exist people who do this, rather than because we got caught out.

Would now be a good time to suggest restricting *.debian.org to key-based-logins only, and avoiding SSH password logins?

I don't know if all the services could be updated but I figure most could.

Yes this does mandate keeping an SSH key secure, and private, but we already require Debian Developers to do the same thing for a GPG key. Right?

Hell publish your public and private keypairs encrypted to your GPG key ;)

Right that is my post for the day.

Other news:

• Community adverts seem to be working out nicely. Suprising clickthough rate, I was expecting higher.
• xen hosting work is progressing. Almost at decision time.

No tags | No comments