On 10/31/2016 01:34 AM, Michał Górny wrote:
> The major difference between a developer key and an automated key is
> that the latter is a far easier target. I think we can trust Gentoo
> developers to at least have their keys encrypted. I suppose most of
> them don't 'git log -p' the commits they sign but well, it's still
> harder to target a developer PC than a public server that most likely
> keeps its signature key unencrypted (or with cleartext password).
How about if we use subkeys that expire every 3 months or so? Realistically, won't that provide a reasonable level of security? That way, whoever is stealing our keys for the purposes of man-in-the-middle attacks will have to get a new copy of our key every 3 months.

-- 
Thanks,
Zac
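A check for the rotation policy proposed above, added here as an example and not part of the thread or of any Gentoo tooling: it parses the machine-readable output of `gpg --with-colons --list-keys` and flags every signing-capable subkey that has no expiration date, lives longer than the rotation window, or has already expired. The listing, the key IDs and the reference date are constructed sample data, and "every 3 months or so" is read as an assumed maximum lifetime of 92 days.

```python
"""Check that GnuPG signing subkeys follow a short-expiry rotation policy.

Added example. Parses the colon format printed by
`gpg --with-colons --list-keys` (documented in GnuPG's doc/DETAILS) and
reports, for each subkey with the signing ('s') capability, whether it
carries an expiration date and whether its total lifetime stays within
the rotation window.
"""
from datetime import datetime, timezone

# Assumption: "every 3 months or so" is enforced as a 92-day maximum lifetime.
MAX_LIFETIME_DAYS = 92

# Constructed sample listing; key IDs are hypothetical. Fields (1-based):
# 1 record type, 5 key ID, 6 creation time, 7 expiration time, 12 capabilities.
# Timestamps are seconds since the epoch; an empty field 7 means "never expires".
SAMPLE_LISTING = """\
tru::1:1477872000:0:3:1:5
pub:u:255:22:0123456789ABCDEF:1477872000:::u:::scESC:::::ed25519:::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1477872000::0000000000000000000000000000000000000000::Example Developer <dev@example.org>::::::::::0:
sub:u:255:22:1111111111111111:1477872000:1485648000:::::s:::::ed25519:::0:
sub:u:255:22:2222222222222222:1477872000::::::s:::::ed25519:::0:
sub:u:255:22:3333333333333333:1477872000:1509408000:::::s:::::ed25519:::0:
sub:u:255:22:4444444444444444:1477872000:1485648000:::::e:::::cv25519:::0:
sub:u:255:22:5555555555555555:1470009600:1477785600:::::s:::::ed25519:::0:
"""

# Reference "current time" for the sample: 2016-12-01 00:00 UTC (assumed).
NOW = datetime(2016, 12, 1, tzinfo=timezone.utc)


def parse_colon_listing(text):
    """Split colon-format output into a list of field lists, one per record."""
    return [line.split(":") for line in text.splitlines() if line.strip()]


def _epoch(field):
    """Convert an epoch-seconds field to an aware datetime; empty means None."""
    return datetime.fromtimestamp(int(field), tz=timezone.utc) if field else None


def check_signing_subkeys(records, now, max_lifetime_days=MAX_LIFETIME_DAYS):
    """Return one finding per signing subkey as (keyid, status, lifetime_days).

    status is one of: "ok", "no-expiry", "too-long", "expired".
    Only public ("sub") and secret ("ssb") subkey records are examined;
    the primary key and encryption-only subkeys are ignored.
    """
    findings = []
    for rec in records:
        if rec[0] not in ("sub", "ssb") or len(rec) < 12 or "s" not in rec[11]:
            continue
        keyid = rec[4]
        created = _epoch(rec[5])
        expires = _epoch(rec[6])
        if expires is None:
            # A stolen copy of this subkey stays usable indefinitely.
            findings.append((keyid, "no-expiry", None))
            continue
        lifetime = (expires - created).days
        if expires <= now:
            status = "expired"
        elif lifetime > max_lifetime_days:
            status = "too-long"
        else:
            status = "ok"
        findings.append((keyid, status, lifetime))
    return findings


def policy_holds(findings):
    """True when at least one signing subkey is currently valid and none is
    unexpiring or longer-lived than the window (expired ones are tolerated,
    since rotated-out subkeys normally stay in the keyring)."""
    statuses = {status for _, status, _ in findings}
    return "ok" in statuses and not statuses & {"no-expiry", "too-long"}


if __name__ == "__main__":
    results = check_signing_subkeys(parse_colon_listing(SAMPLE_LISTING), NOW)
    for keyid, status, lifetime in results:
        print(f"{keyid}  {status:10}  lifetime={lifetime}")
    print("policy holds:", policy_holds(results))
```

On GnuPG 2.1 or later a subkey matching the policy can be created with `gpg --quick-add-key <fingerprint> ed25519 sign 3m`; the check above is what a pre-push hook or a keyring audit would run over the resulting listing, so that a subkey someone forgot to give an expiry never becomes the long-lived target Michał describes.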
