Hey, > Well, Albert and I use (the same user on) the same server to make releases. > So the private key will have to be on that server, otherwise it will become > very inconvenient (download, sign, upload). > > But if that's good enough, and if we can tell gpg2 which private key to use > (so he and I don't use the same), then we can proceed with the idea.
you don't need to have the privatekey on the server - We have gpg-agent and ssh - so you can forward the gpg-agent to the server when doing a release. That way the private keymatierial stays safe at your place: https://www.isi.edu/~calvin/gpgagent.htm Regards, sandro _______________________________________________ release-team mailing list [email protected] https://mail.kde.org/mailman/listinfo/release-team
