Fedora Contributors,
Recently, there has been a lot of news about the vulnerability impacting the Debian and Debian-derived OpenSSL Random Number Generator[1]. While Fedora's OpenSSL did not contain this vulnerability, we are potentially impacted by it. If you generated your key on an affected Debian-based[2] system then you need to regenerate and replace your SSH key(s) on all systems you access with those keys. Instructions for how to do that for Fedora are here. [3]
As a general rule, if you do not know when/where you created your key or whether you have ever authenticated to a Debian-based system then replace any and all ssh keys you use. This is a good plan for all ssh keys, independent of whether or not they are used in the Fedora infrastructure.
We would appreciate your prompt attention to this matter.
Sincerely, Fedora Infrastructure Team
[1] http://lists.debian.org/debian-security-announce/2008/msg00152.html [2] Debian, Ubuntu, Knoppix, etc. [3] http://fedoraproject.org/wiki/Infrastructure/ReplacingSSHKey
devel-announce@lists.fedoraproject.org