
Re: Security guidelines for Debian people



I also agree that having a best practice document is useful.

Here are some suggestions for clarification:

- The wiki page says: "Worse, if anyone else gets access to your private
  master key, they can make everyone believe they're you: they can
  upload packages in your name, vote in your name, and do pretty much
  anything else you can do. This can be very harmful for Debian. You
  might dislike it as well. You should keep your private master key
  very, very safe."

  This is confusing, as when someone gets access to signing and
  encryption subkeys, he can also perform very harmful actions to Debian
  etc. until the real owner detects the problem and revokes his subkeys
  or until the subkeys expire.  So keeping a master key very safe is
  important for other reasons: to make replacing a compromised key
  easier and to prevent signing other people's keys (until the
  compromised master key is revoked).  But not to make package uploads
  safer, right?

- It's not clear to me how much it makes sense (unless the key is
  protected by a poor password) to keep a master key just on separate
  offline drives if it is created or used on a system that has ever been
  connected to a network, especially when the computer is used for other
  purposes than signing.


