GitLab

What happens if the Gmail password or RSA private key in #6383 (closed) is compromised? We should simulate that situation, and document the steps needed to recover from it.

The steps to be taken probably include at least

• Deactivate the Gmail account.
• Create a new Gmail account (or use one already created in reserve) with a new password.
• Set up a new application-specific IMAP password (see #6986 (closed)).
• Install the application-specific password on the facilitator.
• Generate a new RSA keypair and install on the facilitator.
• Insert the new email address and RSA public key in the flashproxy-reg-email program.
• Build new flashproxy-client packages with the new email address and public key.
• Security announcement of new packages.