So, Adobe has made a feeble attempt to one-up Equifax’ lunicy, and while Adobe gets points for trying, it still falls short…like Adobe usually does. But it is still not a good idea to leak your PRIVATE PGP key to the world.



It goes without saying that the disclosure of a private security key would, to put it mildly, ruin a few employees’ Friday. Armed with the private key, an attacker could spoof PGP-signed messages as coming from Adobe. Additionally, someone (cough, cough the NSA) with the ability to intercept emails – such as those detailing exploitable Flash security vulnerability reports intended for Adobe’s eyes only – could use the exposed key to decrypt messages that could contain things like, say, zero-day vulnerability disclosures.

Discussion

Source: [H]ardOCP – Adobe Tries to One-Up Equifax…Fails