Wasn't sure if this was better posted here or in misc@, but seemed relevant to port authors.
Understandably package signing should be on an air gapped system, but pkg_sign allows for passhrases on keys. However, it doesn't seem to remember the passphrase if multiple packages are provided. Even if air gapped I feel like a passphrase on a key is a good idea but it makes bulk signing a pain. What is the best practice for signing custom packages? Is there a better way to handle the passphrase for multiple packages? -- Sent from my mobile device, please excuse my brevity and formatting issues.