On Sun, Apr 08, 2018 at 07:09:06PM +0530, Pierre Neidhardt wrote:
>
> Morten Linderud writes:
>
> > What i have done now is to launch a second gpg-agent that only
> > provides an -extra socket with no caching what so ever.
>
> I thought of something along those lines.
On 04/08/2018 05:51 PM, Eli Schwartz via aur-general wrote:
> On 04/08/2018 07:49 AM, Florian Pritz via aur-general wrote:
>> On 08.04.2018 05:01, Eli Schwartz via aur-general wrote:
>>> If you're really afraid of someone running as either your user, or some
>>> user with the power to hijack your
On 04/08/2018 07:49 AM, Florian Pritz via aur-general wrote:
> On 08.04.2018 05:01, Eli Schwartz via aur-general wrote:
>> If you're really afraid of someone running as either your user, or some
>> user with the power to hijack your SSH session, while you're trying to
>> sign something, then they
Morten Linderud writes:
> What i have done now is to launch a second gpg-agent that only
> provides an -extra socket with no caching what so ever.
I thought of something along those lines. Can you detail the commands
so that we can put that on the wiki?
--
Pierre
On Sun, Apr 08, 2018 at 06:09:27PM +0530, Pierre Neidhardt wrote:
>
> > Use the `ignore-cache-for-signing` option in gpg-agent. Unsure if you can
> > enable
> > this only for connections to soyuz.
>
> But that's only for signing, so that won't do if I have subkeys used for
> other purposes
> Use the `ignore-cache-for-signing` option in gpg-agent. Unsure if you can
> enable
> this only for connections to soyuz.
But that's only for signing, so that won't do if I have subkeys used for
other purposes under the same master key, right?
--
Pierre Neidhardt
signature.asc
Description:
On Sun, Apr 08, 2018 at 05:58:11PM +0530, Pierre Neidhardt via aur-general
wrote:
>
> What's the best practice to disable password caching? Set the timeout
> to zero?
>
> Does anyone know if it's possible to have have a zero-timeout when on
> soyuz while having another timeout time locally?
What's the best practice to disable password caching? Set the timeout
to zero?
Does anyone know if it's possible to have have a zero-timeout when on
soyuz while having another timeout time locally?
--
Pierre Neidhardt
signature.asc
Description: PGP signature
On 08.04.2018 05:01, Eli Schwartz via aur-general wrote:
> If you're really afraid of someone running as either your user, or some
> user with the power to hijack your SSH session, while you're trying to
> sign something, then they could just switch out your built files anyway.
> There's literally
On 04/07/2018 07:55 AM, Levente Polyak via aur-general wrote:
> On April 7, 2018 8:23:08 AM GMT+02:00, Pierre Neidhardt via aur-general
> wrote:
>>
>> To perform the complete operation on soyuz, we need to forward the
>> gpg-socket (and the SSH socket if different) to
On Sat, Apr 07, 2018 at 11:53:08AM +0530, Pierre Neidhardt via aur-general
wrote:
> To perform the complete operation on soyuz, we need to forward the
> gpg-socket (and the SSH socket if different) to soyuz, which defeats the PGP
> / Web of Trust security model: for a person with root access to
On April 7, 2018 8:23:08 AM GMT+02:00, Pierre Neidhardt via aur-general
wrote:
>
>To perform the complete operation on soyuz, we need to forward the
>gpg-socket (and the SSH socket if different) to soyuz, which defeats
>the PGP
>/ Web of Trust security model: for a
I've recently written a paragraph on how to build Arch Linux packages on
pkgbuild.com (a.k.a. soyuz):
https://wiki.archlinux.org/index.php/AUR_Trusted_User_Guidelines#Remote_build_on_PKGBUILD.com
To perform the complete operation on soyuz, we need to forward the
gpg-socket (and the SSH
13 matches
Mail list logo