Reply to post: Re: Why ?

Compromised SSH keys used to access Spotify, UK Govt GitHub repos

John Robson Silver badge

Re: Why ?

I took all of my existing keys out of use, and reissued the lot, because I couldn't remember exactly when each had been generated (or necessarily on which machine).

But to expect that level of action from everyone with a github account?

In the same way I expect browsers to flag up bad certs, I'd expect SSH banners to warn about these compromised keys - or simply ignore them (with error in the server log at least, preferably in the banner).
