Re: Security guidelines for Debian people
I also agree that having a best practice document is useful.
Here are some suggestions for clarification:
- The wiki page says: "Worse, if anyone else gets access to your private
master key, they can make everyone believe they're you: they can
upload packages in your name, vote in your name, and do pretty much
anything else you can do. This can be very harmful for Debian. You
might dislike it as well. You should keep your private master key
very, very safe."
This is confusing, as when someone gets access to signing and
encryption subkeys, he can also perform very harmful actions to Debian
etc. until the real owner detects the problem and revokes his subkeys
or until the subkeys expire. So keeping a master key very safe is
important for other reasons: to make replacing a compromised key
easier and to prevent signing other people's keys (until the
compromised master key is revoked). But not to make package uploads
safer, right?
- It's not clear to me how much it makes sense (unless the key is
protected by a poor password) to keep a master key just on separate
offline drives if it is created or used on a system that has ever been
connected to a network, especially when the computer is used for other
purposes than signing.
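As an added illustration of the point above (not part of the original message), a small Python check over the machine-readable output of `gpg --list-secret-keys --with-colons` that reports whether the master secret key is kept off the host and whether each subkey carries an expiry. The listing is constructed, not a real key; field positions follow GnuPG's documented colon format (field 12 capabilities, field 7 expiry, field 15 '#' for an offline stub).

```python
"""Audit a GnuPG secret keyring listing for the key hygiene discussed above."""
import time

# Constructed sample of `gpg --list-secret-keys --with-colons` (not real keys):
# a certify-only master key whose secret part is offline (field 15 == '#'),
# a signing subkey with an expiry, and an encryption subkey that never expires.
SAMPLE = """\
sec:u:4096:1:0000000000000001:1600000000:::u:::cESC:::#:::23::0:
fpr:::::::::0000000000000000000000000000000000000001:
uid:u::::1600000000::0123456789ABCDEF0123456789ABCDEF01234567::Example Developer <dev@example.org>::::::::::0:
ssb:u:4096:1:0000000000000002:1600000000:1700000000:::::s:::+:::23:
ssb:u:4096:1:0000000000000003:1600000000::::::e:::+:::23:
"""

def parse_secret_keys(listing):
    """Return one dict per sec/ssb record (fields per GnuPG's colon format)."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb"):
            continue
        keys.append({
            "type": f[0],
            "keyid": f[4],
            "expires": int(f[6]) if f[6] else None,   # field 7: expiry (epoch)
            "own_caps": "".join(c for c in f[11] if c.islower()),  # field 12
            "offline": f[14] == "#",   # field 15: '#' = secret part is a stub
        })
    return keys

def audit(listing, now=None):
    """Report conditions that weaken the 'offline master key' model."""
    now = time.time() if now is None else now
    findings = []
    for k in parse_secret_keys(listing):
        if k["type"] == "sec":
            if not k["offline"]:
                findings.append("master secret key is present on this host")
            if "s" in k["own_caps"] or "e" in k["own_caps"]:
                findings.append("master key is used for routine signing/encryption")
        elif k["expires"] is None:
            findings.append(f"subkey {k['keyid']} never expires")
        elif k["expires"] < now:
            findings.append(f"subkey {k['keyid']} has expired")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against a real listing, the same checks flag a master key whose secret part is on a networked machine, which is the situation the second point above questions.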