Re: RFC: gnupg
> >If root is compromised on a machine used for PGP, nothing is secure.
> >
> >Root can intercept keystrokes used for the pgp password, and can
> >replace the entire keyring.
Zed Pobre <zed@moebius.interdestination.net> wrote:
> Which would leave you with a keyring with keys with no signatures,
> since not even root on master can fake my signature on a key. I think
> someone would notice. A major compromise will compromise all new
> developer keys, certainly, but that was never an issue in my mind since
> it is common to all versions.
Ok, if that's all you're worried about, it can be addressed by making
public (for example: some place on the web site) the pgp-signed instance
of the gpg public key.
--
Raul