Excerpts from Russ Allbery's message of Sun Sep 19 10:01:58 +0200 2010:
> I use gpg-agent with a five minute timeout, which is long enough to let me
> sign a bunch of packages while I'm actively working (plus git tags and so
> forth) but short enough that I'm not too worried about an attacker taking
> advantage of the cached password.

I wouldn't be worried about attackers taking advantage of a cached passphrase. If an attacker has enough access to do that, you're hosed anyway. Installing a key logger (hardware or software) or back door is trivial.

Sascha

--
http://sascha.silbe.org/
http://www.infra-silbe.de/