From Fedora Project Wiki

Mass Password Updates

Introduction

From time to time, but not often enough to cause an undue burden on contributors, Fedora Infrastructure may require all contributors to change their current passwords and/or ssh keys. These events should be clearly communicated with contributors, explaining any triggering events, rationale and deadlines. Additionally, pointers to existing security documentation should be provided to allow contributors to make good security decisions about their passwords and keys, keeping them secure and safe. Security of all contributors is important to the entire project.

Requirements

A number of requirements should be met before scheduling and announcing a mass password change event:

  • Documentation should be updated and reviewed. This includes the CSI security docs as well as the general "best practices" pages for contributors. These documents will be read by many contributors, so they should contain up-to-date information and practices.
  • Scheduling of announcements and deadlines should be made. Consult with the Fedora Board, FESCo and other interested parties. Deadlines should avoid causing issues with releases. The deadline should be far enough in advance that a contributor who is on vacation or busy will have time to act.
  • After a deadline has been determined, announcements should be made, with periodic reminders.
  • On the deadline day, unchanged accounts should be marked 'inactive', requiring the user to log in to the account system to reactivate them.

Triggering events

Sometimes there will be a triggering event that requires passwords or keys to be changed. Periodically, there may be a mass change in order to raise security consciousness, or to change password or key requirements. Any announcements of a mass change should include information about there being a triggering event or the change being periodic.

Some possible triggering events:

  • Changes to rules about password length or composition.
  • Changes to requirements about type and size of ssh keys.
  • A security event where password information may have been leaked.

Rationale

Announcements about changes should include the rationale for the change. For periodic events, the announcement might read:

From time to time, the Fedora Project requires changing your password and ssh key. We suggest you take a few minutes to read the CSI Security Policy document and determine if you should change any of your security practices. While your password and ssh key are currently secure as far as we know, taking a few minutes to generate new ones now allows you to become familiar with the process as well as allowing you to consider security practices. We are sorry for any inconvenience this may cause.