Re: Developer security questions.
David Huggins-Daines <firstname.lastname@example.org> writes:
> On Wed, Jun 30, 1999 at 12:39:48PM -0700, karlheg wrote:
> > Is it possible for someone, if they gained root on my workstation, to
> > make a copy of my .pgp/ and .ssh/ directories, then use those from
> > anywhere on the net to log into master.debian.org, or sign a package
> > or email?
> Use a good, long, secure passphrase. If you are truly paranoid, then keep
> your secret key on a floppy or something (or one of those nifty "secret
> decoder ring" gadgets you can get these days :-)
In every case keep a copy of your secret ring in a known safe
place. If you do not have done it know, copy it to a floppy know! Do
not do it because you are paranoid, do it because you will be able to
issue a key revocation certificate in case your key gets compromised.
P.S.: Please vote against Spam! At
(Sorry Europeans only)
Key ID: 2048/E451C639 Jens Ritter
Key fingerprint: 5F 3D 43 1E 24 1E CC 48 1E 05 93 3A A7 10 73 37