Re: RFC: gnupg
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 5 Jul 1998, Raul Miller wrote:
>If root is compromised on a machine used for PGP, nothing is secure.
>
>Root can intercept keystrokes used for the pgp password, and can
>replace the entire keyring.
Which would leave you with a keyring with keys with no signatures,
since not even root on master can fake my signature on a key. I think
someone would notice. A major compromise will compromise all new
developer keys, certainly, but that was never an issue in my mind since
it is common to all versions.
=============================================================================
Zed Pobre <zed@va.debian.org> | PGP key on servers, fingerprint on finger
=============================================================================
-----BEGIN PGP SIGNATURE-----
Version: 5.0
Charset: noconv
iQEVAwUBNaAL0twPDK/EqFJbAQH06ggAtqDfWoui28N+SuC2mhH2C1jOOr6bJlHB
h2jNYPM1aEQI5wvIw6HYbQDmbCM0y1Kk6qkH6WPWVfKQaqdi9SMvpPbMME882M0L
7M+hrUog5aDGF/SYBkkIuxgv9qhjwlOqi2qOFT9qnzWFeGLC3qEAlKAkWJMjViBP
6IRKDAcFLXo51dZmYkhYgDTBi2LPCFBbRqnhBGK/hi4b5Twbkkif8S85UZHCyeJo
sR0HT9uG/7qKHogw6Fm9lPJTRxmH7AlIQDrihlt+zpRz21PFWn6gaYFQ//bNwbFW
fMKKGlit89XQC58YpStgZ6us9GMYyPaMmJ3JQVh7Ebwca9f5GV4Yfg==
=RVg7
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: