On 3/28/11 2:05 AM, Robin H. Johnson wrote: > I see so many bad ideas mentioned in this thread. The suggestions to > keep a gpg-agent with a very long passphrase TTL just provides a massive > new security hole: > === > Attacker breaks into developer's system, has access to SSH agent and GPG > agent thanks to software like keychain, now can commit as that > developer.
If a dev machine is compromised, the attacker can install a keylogger and sniff the passphrase. Or he can wait for the dev to enter the password into gpg-agent and then use it. Or pop up a fake passphrase dialog box. There many other things that can happen at that point.
signature.asc
Description: OpenPGP digital signature