[arch-general] How long do you make the passphrase for the private key?

[Ralf Mardorf]

You want to make the packages available for general use. Does general
use require behavioral biometric verification and spring guns?

Black hats are able to hack Google and Facebook, what ever you
will do, you never ever will be able to reach the level of security
those and the other most successful computer related companies are able
to accomplish.

IMO an averaged "strong" but still memorizable passphrase, even when
following obsolet rules, is ok.