[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is Debian Repeat Secure?

Excerpts from Russ Allbery's message of Sun Sep 19 10:01:58 +0200 2010:

> I use gpg-agent with a five minute timeout, which is long enough to let me
> sign a bunch of packages while I'm actively working (plus git tags and so
> forth) but short enough that I'm not too worried about an attacker taking
> advantage of the cached password.

I wouldn't be worried about attackers taking advantage of a cached
passphrase. If an attacker has enough access to do that, you're hosed
anyway. Installing a key logger (hardware or software) or back door is



Attachment: signature.asc
Description: PGP signature

Reply to: