What you're telling me is two people potentially have regulated or confidential data not secured by IT, which nobody knows if got leaked.

For many organizations, that's literally illegal, and anyone who does this should be fired.

▲

mosura 6 hours ago | parent | next [-]

One notable example was signing keys for builds for distribution actually. And IT had a habit of handing them out to absolutely everyone. Being able to audit who did the signing was done in spite of IT who could, of course, never be persuaded of the merit of any process they don’t own.

But sure jump to more conclusions if you want.

▲

ocdtrekkie 5 hours ago | parent [-]

I won't discount your IT can be bad, but also if you're keeping something as core to your security as signing keys somewhere your IT can't audit, you are just as bad. And your IT won't be the ones fired when your keys leak.

	▲	mosura 3 hours ago \| parent [-]
		You are under the erroneous impression IT would be fired for leaking keys and not simply impose a new process that blames everyone else. And this is in Fortune 500 of course.

▲

pixl97 6 hours ago | parent | prev [-]

>, that's literally illegal, and anyone who does this should be fired.

I mean yea, but who knows how long that box would sit around before it was discovered.