I have some questions regarding security. Is it possible for someone, if they gained root on my workstation, to make a copy of my .pgp/ and .ssh/ directories, then use those from anywhere on the net to log into master.debian.org, or sign a package or email? I don't think this happened... but wonder if it could. What should I know about this?