[aur-general] [AUR4] Support of multiple ssh public keys
David Kaylor
dpkaylor at gmail.com
Fri Jun 12 01:58:33 UTC 2015
On Thu, Jun 11, 2015 at 5:59 PM, Giancarlo Razzolini <grazzolini at gmail.com>
wrote:
> Em 11-06-2015 17:56, Remi Gacogne escreveu:
>
>> (FDE and strong passphrases only buy you some time to do it).
>>
> In the case of stolen/lost, it buy you a lot of time. Or you are aware of
> some cryptanalisys development I'm not aware of.
>
> Now, if your machine is compromised, then I think that you might have
> bigger worries than the keys used to publish some packages on AUR.
>
> Cheers,
> Giancarlo Razzolini
>
That's certainly true, but it's not the point. Seperate, individually
revokable keys are a good idea if someone will be submitting from multiple
machines. And it would help protect AUR down the line. So if it's fairly
easy to implement, like Lukas said, +1 on that.
More information about the aur-general
mailing list