-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Sat, Jul 18, 2020 at 08:04:35AM +0000, WillyPillow wrote:
> On Friday, July 17, 2020 5:56 PM, Wojtek Porczyk
> <[email protected]> wrote:
> > Maybe the -primary key and the key for siging ITL templates should be
> > separated? Would that be more convenient?
>
> I'm a bit unsure about this. Whether the -primary key or another key is
> used, isn't it the case that two files in two separate repos still need to
> be maintained anyway?
They need, and that's the point. So they may be two different key as well, not
just a copy of the same key. We can leave the -primary key in qubes-relase
in dom0 and have Marek generate another key for ITL templates.
Keypairs are cheap [1], so unless I missed something, I'd say this is
preferable solution to two others, which would be just more complicated to
mainain:
- - having two copies of the same key (we risk they desynchronise),
- - we have another package just for the -primary key (more packages to
maintain).
[1] If there is sufficient automation around crypto, but the template build
environment is already automated (there are two of them, as reflected by
- -primary and -community keys), so this is non-issue.
- --
pozdrawiam / best regards
Wojtek Porczyk
Invisible Things Lab
I do not fear computers,
I fear lack of them.
-- Isaac Asimov
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEaO0VFfpr0tEF6hYkv2vZMhA6I1EFAl8TR1QACgkQv2vZMhA6
I1FBXw//dujVG+f+DQo066d5NJAHJhyzK6McNX4QcE5v6J0pExkEc8EcKU+edSdw
b7YNU5WV2cR+5kororOfPBfC0pEatPswnrGAcujiz/nEISzwnp7DeGy92fAdGZ8X
+6lAlhNrAhytTujp/xejEuCo8/8V61UcOSJbW/o7Zrun4LmOzk9/D/gEvspew9eR
mydnvKZQlNjOlNNzz3IO/6wZ/stROIW3MJl4IrNxnQGIR1CRAIU5M799SbIVZC8Y
jHOyI7n2dJ7AQuxI7hpP47E+ZGE1TErHIYjZSVxYlV795oMKeJUqUzI5YBpygGRm
U65c75AqZnsdF0Lh2Yv9tt+gd7A8LKw2yFEFtehY4DNmNId55/nMTG5b0X9Y5som
4SIGwloj20ZiHvRiSuZD0GnYG3GOJ64+5xYRwWmOVWLayAM3E3pbVu7O/mEjk05b
ytI4UQt+ls0qza00GdGKIKihyxcZuaDJCD08xpWYSxUZH8JxsdOL2QEs+p7UgcoT
2y+qXtiAtIQIE8+vJ+qi76mNmVfJ3KgkwZdkprXCNOzSZkxEtQDcpGUBd9z+slZT
QcaliyHe0HT7Th1n3Zueva043J/VIfVNWeNSKLHyf+52q3JPHgKSu7b/0VYlcOuy
B4iE92tBY1ZIL4MW2+sWSZx053LSpU0mY6XXbHSBl3ysfo/xG7E=
=1WOc
-----END PGP SIGNATURE-----
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-devel/20200718190245.GB2122%40invisiblethingslab.com.
