Hallo, > umm -- Signing requires unlocking the GnuPG key to get a human > set of eyes, and confirmation that all seems to be well into > the process
Not GPG key but code signing certificate. The user that starts build process could unlock the key, BUT if the build machine is not trusted enough to put the key unencrypted in memory you have other problems. > -- an autosigning from a non-protected key cannot sensibly be > trusted, particularly with a process that has to run at some > point with root access rights Why should building drivers need root rights? greetings Carsten
