That'd take getting something malicious onto my machine, or sniffing the Bluetooth packets from the keyboard to the laptop. Though they'd need the PIN number to unlock the key, which I have to type in whenever the laptop wakes up and I want to sign something. If they could do that, they could commit malicious code into Hadoop itself, even signing those commits with the same GPG key. Someone malicious would need physical access to my office to sign artifacts under my name. The same Yubikey key is used for 2FA to GitHub, for uploading artifacts and making the release.