spamassassin-sysadmins mailing list archives

From "Kevin A. McGrail" <kmcgr...@apache.org>
Subject Re: PowerDNS web interface
Date Mon, 15 May 2017 21:58:36 GMT
On 5/15/2017 5:37 PM, Dave Jones wrote:
>
> My concern is I can sign it with your (Kevin's) key and even Brian's 
> key so the two of you can open it but what happens if another 5 or 10 
> years go by and we 3 are no longer volunteering as SA sysadmins?  The 
> next generation of sysadmins won't be able to open these files.
>
> There has to be a better way where we use an encrypted file with a 
> master password that we share and is recorded in a safe place for the 
> future.
>
> I use LastPass for this and I have my master password in an envelope 
> in a safe for my wife to open in the event I am no longer on this 
> planet. I have instructed her to take this envelope to any of my 
> techie friends and they would know how to help her get access to all 
> of my online accounts.  We need something like this for this team. 

The first consideration is that the method above with SVN is considered 
acceptable to the foundation and exists already.  It long predates me 
and has a strong encryption pedigree.  It also doesn't rely on a service 
being in business since it uses all open source software and files that 
you can mirror today.

What I have done that is similar to what you describe is that my 
passphrase for my private key is in my safe.  So should I leave this 
mortal coil, the data is all recoverable.

Also, we are trying to move away from master passwords as much as 
possible.  Sharing of root credentials should be avoided as just a 
general security mantra.

Do you feel strongly enough about it to debate it with infra and see 
what their thoughts are?

Regards,

KAM


-- 
Kevin A. McGrail
Asst. Treasurer, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project

