[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Is Debian Repeat Secure?

Hey all,

Building debs for ppa uses gpg and signs each source package build in
two different places requiring the unlocking of the gpg key twice.

I've been running a script which builds 4 packages for 3 ubuntu releases
which comes to typing in my gpg passphraise 24 times in succession (more
if I get it wrong).

Should I be concerned that possible snoopers have 24 opportunities to
watch my passphraise in physical space? And if typing in the passphraise
a lots of times isn't important, why have a passphraise at all?

Isn't this sort of problem what timed keyrings are for?



Reply to: