Re: Developer security questions.
On Wed, Jun 30, 1999 at 12:39:48PM -0700, karlheg wrote:
> Is it possible for someone, if they gained root on my workstation, to
> make a copy of my .pgp/ and .ssh/ directories, then use those from
> anywhere on the net to log into master.debian.org, or sign a package
> or email?
Use a good, long, secure passphrase. If you are truly paranoid, then keep
your secret key on a floppy or something (or one of those nifty "secret
decoder ring" gadgets you can get these days :-)
If they get your passphrase, then yes, they can effectively assume your
identity.
--
dhd@maclinux.plcom.on.ca (wearing my Linux/m68k+Mac+Debian hat)
Latest kernels/patches: http://maclinux.plcom.on.ca/pub/
Reply to: