Is Debian Repeat Secure?
Building debs for ppa uses gpg and signs each source package build in
two different places requiring the unlocking of the gpg key twice.
I've been running a script which builds 4 packages for 3 ubuntu releases
which comes to typing in my gpg passphraise 24 times in succession (more
if I get it wrong).
Should I be concerned that possible snoopers have 24 opportunities to
watch my passphraise in physical space? And if typing in the passphraise
a lots of times isn't important, why have a passphraise at all?
Isn't this sort of problem what timed keyrings are for?