I also agree that having a best practice document is useful. Here are some suggestions for clarification:
- The wiki page says: "Worse, if anyone else gets access to your private master key, they can make everyone believe they're you: they can upload packages in your name, vote in your name, and do pretty much anything else you can do. This can be very harmful for Debian. You might dislike it as well. You should keep your private master key very, very safe." This is confusing, as when someone gets access to signing and encryption subkeys, he can also perform very harmful actions to Debian etc. until the real owner detects the problem and revokes his subkeys or until the subkeys expire. So keeping a master key very safe is important for other reasons: to make replacing a compromised key easier and to prevent signing other people's keys (until the compromised master key is revoked). But not to make package uploads safer, right?
- It's not clear to me how much it makes sense (unless the key is protected by a poor password) to keep a master key just on separate offline drives if it is created or used on a system that has ever been connected to a network, especially when the computer is used for other purposes than signing.

