HW42 wrote:
> > +sign_buildinfo() {
> > + # Greate GPG key if it does not already exist
> > + if ! gpg --list-secret-keys | grep -qs '^sec' >/dev/null 2>&1
>
> Is this ever called concurrently?
Not on a node AFAICT.
> > +Subkey-Type: ELG-E
> > +Subkey-Length: 1024
>
> Huh?
Suggestions welcome. I cribbed it from the internet.
> > mail -s "buildinfo from $NODE1" [email protected] <
> > ./b1/$BUILDINFO || true
> > mail -s "buildinfo from $NODE2" [email protected] <
> > ./b2/$BUILDINFO || true
>
> I think you should also submit the signed .buildinfo here.
Up to Steven surely…?
Just to re-iterate — and I hope this comes across the right way! — but
the current state of buildinfo.debian.net is really just a hack, a demo,
a muse, etc. so haggling over things such as the subkey length of the
signatures seems a little premature or at least focussing on the wrong
areas, productivity-wise.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
_______________________________________________
Reproducible-builds mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
