Github is exposing public SSH keys

Duplicate. <a href="http://news.ycombinator.com/item?id=5023665" rel="nofollow">http://news.ycombinator.com/item?id=5023665</a><p>Also, it doesn't make a difference, since they are <i>public</i> keys, like public GPG keys. They also aren't the only ones that do this - LaunchPad.net (where Ubuntu development takes place) also does it.<p><a href="https://code.launchpad.net/~jamesgifford/+sshkeys" rel="nofollow">https://code.launchpad.net/~jamesgifford/+sshkeys</a>

So what? Is somebody going to factorize my public key?<p>This is only an issue if 1) Users are relying on github as a trusted source of public keys, and 2) malicious users can modify the public keys.

It doesn't even have key names. Boring. (But useful -- I can provision accounts on servers I run with "oh I set up .ssh/authorized_keys with your Github keys"; thanks!)

Isn't being public the point of <i>public</i> keys?

Launchpad accounts have ssh keys as part of public user profiles. Should be ok :)<p>Ex: <a href="https://launchpad.net/~brad-figg" rel="nofollow">https://launchpad.net/~brad-figg</a>

Can someone help me understand why it is a problem if my public key is, uh, public?

Worst case scenario is that someone lets me access their server. Unless RSA is busted, right?

In other news: HN is revealing the user names of its users! Film at 11!