[Teammetrics-discuss] Updating data?

[Sukhbir Singh]

Hi Andreas,

So everything (our automated script) seems to work, except that I
think that after the Alioth outage, I managed to delete the public key
entry of our password-less key on Alioth. I think we should generate a
new one anyways.

Before I do that, I was thinking, after our last conversation with
Charles, we have been using that key for quite a while now. Do you
think perhaps we should tell the Alioth admins that we are doing this?
If yes, then I think you should ask them if it is OK to do this since
we basically have a passwordless key lying on a VPS that can mess up
at least the repositories. I thought about it and as I was about to
add a new key, I thought I should discuss this with you.

>From the last conversation we had with Charles:

https://lists.alioth.debian.org/pipermail/teammetrics-discuss/2012-April/000841.html:

> In my understanding, an attacker who would steal the private key would be able
> to push stuf to the SVN repositories on Alioth (or exploit a security flaw of
> /usr/bin/svnserve), but is not able to do anything else.

Well, OK I guess?