updated SSH key

Jon Turney jon.turney@dronecode.org.uk
Fri Feb 21 15:20:00 GMT 2020

On 20/02/2020 21:35, Schulman, Andrew via cygwin-apps wrote:
> Thanks!
> I was just sitting here thinking about the merits of verifying a new
> key request like that by some kind of secure signature system, versus
> just posting the request on a public mailing list, and having a human
> acknowledge to the developer's previously known email address. I have
> to say, I can't see much more security benefit from the first method,
> that would justify the extra hassle. The second method is pleasantly
> simple.

Yeah, it would be nice to have something like SSKM [1], but our gitolite 
usage is sufficiently non-standard that would need some hacking on to fit.

And that doesn't help with initial keys, and people who've lost their 
key (who we're presumably going to trust an email from), so given the 
small number of keys we're dealing with, it's hard to see it's worth the 

[1] https://gitolite.com/gitolite/contrib/sskm.html

More information about the Cygwin-apps mailing list