From: "Paweł Hajdan, Jr."
Date: Mon, 28 Mar 2011 10:32:15 +0200
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Re: rejecting unsigned commits
Message-ID: <4D90478F.4070103@gentoo.org>

On 3/28/11 2:05 AM, Robin H. Johnson wrote:
> I see so many bad ideas mentioned in this thread. The suggestions to
> keep a gpg-agent with a very long passphrase TTL just provide a massive
> new security hole:
> ===
> Attacker breaks into developer's system, has access to SSH agent and GPG
> agent thanks to software like keychain, now can commit as that
> developer.

If a dev machine is compromised, the attacker can install a keylogger
and sniff the passphrase. Or he can wait for the dev to enter the
password into gpg-agent and then use it. Or pop up a fake passphrase
dialog box. There are many other things that can happen at that point.