On Thu, Jun 11, 2015 at 5:59 PM, Giancarlo Razzolini <grazzol...@gmail.com> wrote:
> Em 11-06-2015 17:56, Remi Gacogne escreveu: > >> (FDE and strong passphrases only buy you some time to do it). >> > In the case of stolen/lost, it buy you a lot of time. Or you are aware of > some cryptanalisys development I'm not aware of. > > Now, if your machine is compromised, then I think that you might have > bigger worries than the keys used to publish some packages on AUR. > > Cheers, > Giancarlo Razzolini > That's certainly true, but it's not the point. Seperate, individually revokable keys are a good idea if someone will be submitting from multiple machines. And it would help protect AUR down the line. So if it's fairly easy to implement, like Lukas said, +1 on that.