Here you ask for five minutes of learning, later in this thread you seem to (correct me) expect people to get a good grasp on ssh and key management to avoid being 'dangerous'.
Is both correct? Or would you agree that 5min to learn how ssh works, even for a broad overview, is not exactly helping / changing anything.
Two different issues got mixed together here, and I wasn't good at distinguishing them in my comments.
It should take five minutes for them to learn the basics of public key crypto so that their eyes don't glaze over when you say "public key", "private key", "fingerprint", or "RSA". I consider this basic knowledge absolutely essential for anyone using these concepts, even indirectly. Without it, you're dangerous.
Once those concepts are in place, it shouldn't even take five minutes for them to understand what SSH is doing, because SSH is a very simple and obvious application of the concepts. It should be self-evident from the brief discussions in github's instructions what is going on.
And once you've taken the five minutes to understand the concepts, not being dangerous is likewise simple and obvious:
* Put a good passphrase on your key.
* Don't share your key with others.
* Don't type in the passphrase for your key on any computer you don't trust at least as much as your own.
Notice how these aren't fundamentally different from protecting a password.
We are talking about inherently intelligent people with a good capacity for learning. It is mind-boggling to me that anyone would argue that these people should not have to spend five minutes to understand at even the most basic, limited level, how critical tools they want to use work.
Is both correct? Or would you agree that 5min to learn how ssh works, even for a broad overview, is not exactly helping / changing anything.