For the documentation it is need to decide if Codeberg recommend an passphrase secured key or not.
Just say yes because it is more secure doesn't help because it is theoretical.
I would argue that a passphrase is not needed if you use different keys for different machines. If someone use/stole this key all modifications on the account and repository are logged.
If the user is aware of the stolen key it can be removed.
It is know that it lower the security if a process becomes to complex.
Is there a defined way to find consense about such questions?
For the documentation it is need to decide if Codeberg recommend an passphrase secured key or not.
Just say _yes_ because it is more secure doesn't help because it is theoretical.
I would argue that a passphrase is not needed if you use different keys for different machines. If someone use/stole this key all modifications on the account and repository are logged.
If the user is aware of the stolen key it can be removed.
It is know that it lower the security if a process becomes to complex.
Is there a defined way to find consense about such questions?