Pascal Bleser wrote: > Any idea where the default key is stored? That's defined in BSConfig.pm
> On a side note, we actually do recrypt the packages before they > are published on the Packman FTP tree. Sounds strange. So the packages osc gets via the api are signed with a different key than the ones on ftp. > We verify the key they have been signed with in OBS, then unsign > them, then sign them again with an RSA 4096, and then they are > pushed to the tree. > Reason is that the RSA 4096 is kept on a strongly secured host > with selinux etc... AFAIK the signing architecure of OBS is designed exactly for such a setup. IE keep the private keys on an extra secured host that is only reachable via a dedicated connection. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) _______________________________________________ Packman mailing list [email protected] http://lists.links2linux.de/cgi-bin/mailman/listinfo/packman
