Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

We contradict our own advice about forgetting about ssh keys #950

Open
maneesha opened this issue Aug 10, 2023 · 4 comments
Open

We contradict our own advice about forgetting about ssh keys #950

maneesha opened this issue Aug 10, 2023 · 4 comments
Labels
status:waiting for response Waiting for Contributor to respond to maintainers' comments or update PR

Comments

@maneesha
Copy link
Contributor

What is the problem?

In the section about keeping ssh keys secure, first we say that you can set it and forget it, but immediately after we have a callout that says you shouldn't forget about your ssh keys because they keep your account secure.

We should clarify this language to make it less confusing.

Location of problem (optional)

https://swcarpentry.github.io/git-novice/07-github.html#keeping-your-keys-secure
@martinosorb
Copy link
Contributor

I think this was done on purpose. It says "you can forget..." but then the callout says "...but don't actually", and it's a callout because this is more of a detail. Would it help if it said "you shouldn't actually forget...", so that it's clear we are purposefully referencing the previous sentence?

@martinosorb martinosorb added the status:waiting for response Waiting for Contributor to respond to maintainers' comments or update PR label Jul 2, 2024
@maneesha
Copy link
Contributor Author

maneesha commented Oct 8, 2024

I think this can be confusing to a novice learner, to say "You can forget it, but don't really forget it." More explicit language may be more useful here.

@erinmgraham
Copy link
Contributor

Hi @maneesha,

Thank you for your contribution to the git-novice repository. We should have asked for you to suggest more explicit language at the time to make this section more clear ;-)

I'm actually in favour of dropping the section starting with the sentence "The first thing" and ending with 'Since they don't exist on Alfredo's computer". Even if the user already has a key pair we don't have content explaining how to use them instead of a new one and the content continues as if they don't already have a key pair.

We could then move the 'keeping your keys secure' callout to the end of section 3.1 after ls-ing that directory and add that the ssh directory could have multiple keys, e.g. "Remember, your SSH keys are crucial for keeping your account secure. The .ssh directory on your computer can contain multiple keys, each used for different purposes or remotes. For example, depending on how the key pairs were set up, you may find filenames such as id_rsa/id_rsa.pub that reflect the key type. It's good practice to audit your SSH keys regularly, especially if you use multiple computers to access your account."

Would that make things less confusing?

@erinmgraham erinmgraham mentioned this issue Jan 21, 2025
Open
@maneesha
Copy link
Contributor Author

It is hard to imagine what that will look like once it's all changed, but I think that makes sense.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status:waiting for response Waiting for Contributor to respond to maintainers' comments or update PR
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@maneesha @erinmgraham @martinosorb