On Sun, Dec 07, 2008 at 11:10:29AM +0000, Magnus Therning wrote: > Douglas A. Tutty wrote: > > On Thu, Dec 04, 2008 at 12:26:31PM +0000, Magnus Therning wrote: > > I wonder about the latest comment on this thread. Examine why you don't > > want the secret key on the build server and why you would feel more > > secure with the signing done on a separate server. > > Well, the main reason is that there are _a_lot_ of people with direct > access to the build server. The idea is to find a way to limit people's > _direct_ access to the server with the keys. I know there are problems, > but hopefully it doesn't require too much work to at least achieve some > traceability in such a setup.
However, if people you don't totally trust have access to the build server, couldn't they fitz the packages before they're signed? Don't the keys have a passphrase option? Then, when you are ready to sign the packages, you'd have to enter the passphrase. Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
