Re: Is Debian Repeat Secure?

To: debian-mentors <debian-mentors@lists.debian.org>
Subject: Re: Is Debian Repeat Secure?
From: Sascha Silbe <sascha-ml-reply-to-2010-3@silbe.org>
Date: Sun, 19 Sep 2010 12:15:28 +0200
Message-id: <[🔎] 1284889981-sup-5849@flatty.sascha.silbe.org>
Mail-followup-to: debian-mentors <debian-mentors@lists.debian.org>
In-reply-to: <[🔎] 871v8qxitl.fsf@windlord.stanford.edu>
References: <[🔎] 1284875897.30010.9.camel@delen> <[🔎] 871v8qxitl.fsf@windlord.stanford.edu>

Excerpts from Russ Allbery's message of Sun Sep 19 10:01:58 +0200 2010:

> I use gpg-agent with a five minute timeout, which is long enough to let me
> sign a bunch of packages while I'm actively working (plus git tags and so
> forth) but short enough that I'm not too worried about an attacker taking
> advantage of the cached password.

I wouldn't be worried about attackers taking advantage of a cached
passphrase. If an attacker has enough access to do that, you're hosed
anyway. Installing a key logger (hardware or software) or back door is
trivial.

Sascha

--
http://sascha.silbe.org/
http://www.infra-silbe.de/

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Is Debian Repeat Secure?
  - From: Martin Owens <doctormo@gmail.com>
- Re: Is Debian Repeat Secure?
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: Is Debian Repeat Secure?
Next by Date: Re: problem with lintian overrides
Previous by thread: Re: Is Debian Repeat Secure?
Next by thread: RFS: xfe (updated package)
Index(es):
- Date
- Thread