On Thu, 2006-03-02 at 14:50 -0800, Henri Yandell wrote: > > > We're not supposed to be using the pgp on minotaur; so my TODO is to > > > figure out how to get my key off of there, hope I still know the > > > passphrase, > > > > i hope so too :) > > > > there are various ways to export the key but copying the files should > > work fine too. > > Advice is to revoke it - as who knows what you evil buggers have been > doing to it :)
It's not because people with access to minotaur are untrustworthy that keys shouldn't be there :-) It's that if the key is on there, someone who hacks that machine has *both* the key *and* the ability to publish what would seem to be "official" releases. If the key is on your home machine, then someone has to hack *both* that *and* minotaur to do the same. Even if your home machine isn't that secure, it's an improvement. At least that's how I understand it. Cheers, Simon --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
