Is Debian Repeat Secure?

To: Debian Mentors <debian-mentors@lists.debian.org>
Subject: Is Debian Repeat Secure?
From: Martin Owens <doctormo@gmail.com>
Date: Sun, 19 Sep 2010 01:58:17 -0400
Message-id: <[🔎] 1284875897.30010.9.camel@delen>

Hey all,

Building debs for ppa uses gpg and signs each source package build in
two different places requiring the unlocking of the gpg key twice.

I've been running a script which builds 4 packages for 3 ubuntu releases
which comes to typing in my gpg passphraise 24 times in succession (more
if I get it wrong).

Should I be concerned that possible snoopers have 24 opportunities to
watch my passphraise in physical space? And if typing in the passphraise
a lots of times isn't important, why have a passphraise at all?

Isn't this sort of problem what timed keyrings are for?

Thoughts?

Martin,

Reply to:

Follow-Ups:
- Re: Is Debian Repeat Secure?
  - From: Chris Baines <cbaines8@gmail.com>
- Re: Is Debian Repeat Secure?
  - From: Russ Allbery <rra@debian.org>

Prev by Date: RFS: kstars-data-extra-tycho2
Next by Date: Re: Is Debian Repeat Secure?
Previous by thread: RFS: kstars-data-extra-tycho2
Next by thread: Re: Is Debian Repeat Secure?
Index(es):
- Date
- Thread