On Thu, 2006-03-02 at 14:50 -0800, Henri Yandell wrote:
> > > We're not supposed to be using the pgp on minotaur; so my TODO is to
> > > figure out how to get my key off of there, hope I still know the
> > > passphrase,
> >
> > i hope so too :)
> >
> > there are various ways to export the key but copying the files should
> > work fine too.
>
> Advice is to revoke it - as who knows what you evil buggers have been
> doing to it :)

It's not because people with access to minotaur are untrustworthy that
keys shouldn't be there :-)

It's that if the key is on there, someone who hacks that machine has
*both* the key *and* the ability to publish what would seem to be
"official" releases.

If the key is on your home machine, then someone has to hack *both* that
*and* minotaur to do the same. Even if your home machine isn't that
secure, it's an improvement.

At least that's how I understand it.

Cheers,

Simon