commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Simon Kitching <>
Subject Re: [all] MD5 and PGP generation [Was: [feedparser] News / Status]
Date Fri, 03 Mar 2006 00:40:12 GMT
On Thu, 2006-03-02 at 14:50 -0800, Henri Yandell wrote:
> > > We're not supposed to be using the pgp on minotaur; so my TODO is to
> > > figure out how to get my key off of there, hope I still know the
> > > passphrase,
> >
> > i hope so too :)
> >
> > there are various ways to export the key but copying the files should
> > work fine too.
> Advice is to revoke it - as who knows what you evil buggers have been
> doing to it :)

It's not because people with access to minotaur are untrustworthy that
keys shouldn't be there :-)

It's that if the key is on there, someone who hacks that machine has
*both* the key *and* the ability to publish what would seem to be
"official" releases.

If the key is on your home machine, then someone has to hack *both* that
*and* minotaur to do the same. Even if your home machine isn't that
secure, it's an improvement.

At least that's how I understand it.



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message