On Tue, Oct 18, 2022 at 07:25:39AM -0700, Russ Allbery wrote:
> This is probably my security brain from my day job, but I would prefer to
> be able to drop permissions that I'm not currently using, as long as I can
> get them back easily. It reduces the blast radius of mistakes and
> compromises.
I would like to have the possibility of multiple credentials. Currently
everything in Debian proper is related to one single OpenPGP key. I
need that to do uploads pretty often. But in addition it can be used to
overtake my account and with it all my privileged access.
So the possibility of using another set of credentials with restricted
upload access, aka upload access to packages I specified myself, would
be really nice to avoid needing access to the one mighty key all the
time.
Bastian
--
To live is always desirable.
-- Eleen the Capellan, "Friday's Child", stardate 3498.9
