netbsd-bugs: install/21627: ssh fingerprints for cvs servers needed

Subject: install/21627: ssh fingerprints for cvs servers needed
To: None <gnats-bugs@gnats.netbsd.org>
From: None <smb@research.att.com>
List: netbsd-bugs
Date: 05/20/2003 09:11:45

>Number:         21627
>Category:       install
>Synopsis:       ssh fingerprints for cvs servers needed
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    install-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue May 20 13:14:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Steven M. Bellovin
>Release:        NetBSD 1.6.1_RC2
>Organization:
AT&T Labs Research
>Environment:
	
	
System: NetBSD berkshire.research.att.com 1.6.1_RC2 NetBSD 1.6.1_RC2 (BERKSHIRE.nosound) #9: Tue Mar 4 09:42:32 EST 2003 smb@berkshire.research.att.com:/usr/src/sys/arch/i386/compile/BERKSHIRE.nosound i386
Architecture: i386
Machine: i386
>Description:
	We need to publish the ssh fingerprints of all of our CVS
	servers.  Someone connecting has no way to verify that they're
	reaching the right server.  I suggest that the file be on
	the NetBSD web site (linked-to from everywhere that talks about
	anonymous CVS over ssh), *plus* on all distribution CDs, which
	means that they should be in the installation sets.
>How-To-Repeat:
	
>Fix:
	
>Release-Note:
>Audit-Trail:
>Unformatted: