On 09.04.2014 18:39, Jo wrote:
> Hi all, this is my first post in this list, so again Hi all!
>
> I'm a bit concerned about the signing keys of the portage tree releases,
> I know that gpg is not the same as openssl but keeping in mind that SSH,
> VPN, HTTPS keys might be compromised for two years, don't you think it's
> a healthy measure to generate a new pair of keys?

GPG private keys are kept and used nowhere near any server processes, not transferred via HTTPS or any VPNs, and SSH is not affected. I don't see an immediate need to rotate them.

-- 
Alex Legler <a...@gentoo.org>
Gentoo Security/Ruby/Infrastructure