[aur-general] [AUR4] Support of multiple ssh public keys

David Kaylor dpkaylor at gmail.com
Fri Jun 12 01:58:33 UTC 2015


On Thu, Jun 11, 2015 at 5:59 PM, Giancarlo Razzolini <grazzolini at gmail.com>
wrote:

> Em 11-06-2015 17:56, Remi Gacogne escreveu:
>
>> (FDE and strong passphrases only buy you some time to do it).
>>
> In the case of stolen/lost, it buy you a lot of time. Or you are aware of
> some cryptanalisys development I'm not aware of.
>
> Now, if your machine is compromised, then I think that you might have
> bigger worries than the keys used to publish some packages on AUR.
>
> Cheers,
> Giancarlo Razzolini
>

That's certainly true, but it's not the point. Seperate, individually
revokable keys are a good idea if someone will be submitting from multiple
machines. And it would help protect AUR down the line. So if it's fairly
easy to implement, like Lukas said, +1 on that.


More information about the aur-general mailing list