[aur-general] [AUR4] Support of multiple ssh public keys

Øyvind Heggstad mrelendig at har-ikkje.net
Fri Jun 12 11:27:43 UTC 2015


On Thu, 11 Jun 2015 21:58:33 -0400
David Kaylor <dpkaylor at gmail.com> wrote:

> On Thu, Jun 11, 2015 at 5:59 PM, Giancarlo Razzolini
> <grazzolini at gmail.com> wrote:
> 
> > On 11-06-2015 17:56, Remi Gacogne wrote:
> >
> >> (FDE and strong passphrases only buy you some time to do it).
> >>
> > In the case of stolen/lost, it buys you a lot of time. Or you are
> > aware of some cryptanalysis development I'm not aware of.
> >
> > Now, if your machine is compromised, then I think that you might
> > have bigger worries than the keys used to publish some packages on
> > AUR.
> >
> > Cheers,
> > Giancarlo Razzolini
> >
> 
> That's certainly true, but it's not the point. Separate, individually
> revocable keys are a good idea if someone will be submitting from
> multiple machines. And it would help protect AUR down the line. So if
> it's fairly easy to implement, like Lukas said, +1 on that.

Easiest way to attack a password protected private key:
Just put a keylogger on the target.

This is why we need u2f/similar support everywhere :/

