On lundi 12 septembre 2016 12:33:06 CEST Harald Sitter wrote:
> I'd say that you need to add your public key on the server's keyring.
Thanks Harald. It works !!!
--
David Faure, fa...@kde.org, http://www.davidfaure.fr
Working on KDE Frameworks 5
quick guide
https://gist.github.com/apachelogger/4aa69ad0637feedb330b3fadc7adea3a
with openssh 6.7 and gpg 2.1 it really is this simple (do note that
gpg2.1 needs to be on server and client!)
On Mon, Sep 12, 2016 at 12:33 PM, Harald Sitter wrote:
> On Sat, Sep 10, 2016 at 1:26
On Sat, Sep 10, 2016 at 1:26 PM, David Faure wrote:
> On lundi 8 août 2016 17:07:41 CEST Harald Sitter wrote:
>> 1. Move release tarballing from rosetta to a server/container with
>> gpg2.1
>
> So, now we are trying this.
>
> Partial success, ssh says
> "remote forward success"
>
On lundi 8 août 2016 17:07:41 CEST Harald Sitter wrote:
> 1. Move release tarballing from rosetta to a server/container with
> gpg2.1
So, now we are trying this.
Partial success, ssh says
"remote forward success"
and running gpg-connect-agent on the server works
(and it triggers debug output in
On Sun, Aug 7, 2016 at 9:01 PM, David Faure wrote:
> On mercredi 15 juin 2016 12:53:23 CEST Andre Heinecke wrote:
>> I'm using agent-forwarding through socat for that reason:
>>
>> Here is an example how I connect to . The last command is
>> executed after ssh on the server.
>>
>>
On mercredi 15 juin 2016 12:53:23 CEST Andre Heinecke wrote:
> I'm using agent-forwarding through socat for that reason:
>
> Here is an example how I connect to . The last command is
> executed after ssh on the server.
>
> (while true; do socat TCP-LISTEN:16668,bind=127.0.0.1
>
On Sun, Jul 3, 2016 at 12:20 AM, David Faure wrote:
> On lundi 13 juin 2016 15:33:51 CEST David Faure wrote:
>> On lundi 6 juin 2016 11:39:25 CEST Sandro Knauß wrote:
>> > you don't need to have the privatekey on the server - We have gpg-agent
>> > and
>> > ssh - so you can forward
On lundi 13 juin 2016 15:33:51 CEST David Faure wrote:
> On lundi 6 juin 2016 11:39:25 CEST Sandro Knauß wrote:
> > you don't need to have the privatekey on the server - We have gpg-agent
> > and
> > ssh - so you can forward the gpg-agent to the server when doing a release.
> > That way the
Hi,
On Monday 13 June 2016 15:33:51 David Faure wrote:
> On lundi 6 juin 2016 11:39:25 CEST Sandro Knauß wrote:
> > you don't need to have the privatekey on the server - We have gpg-agent
> > and
> > ssh - so you can forward the gpg-agent to the server when doing a release.
> > That way the
On lundi 6 juin 2016 11:39:25 CEST Sandro Knauß wrote:
> you don't need to have the privatekey on the server - We have gpg-agent and
> ssh - so you can forward the gpg-agent to the server when doing a release.
> That way the private keymatierial stays safe at your place:
>
>
On Tuesday, June 7, 2016 6:16:04 PM CEST Harald Sitter wrote:
> On Tue, Jun 7, 2016 at 2:09 PM, Albert Astals Cid wrote:
> > El dilluns, 6 de juny de 2016, a les 11:39:25 CEST, Sandro Knauß va
escriure:
> >> Hey,
> >>
> >> > Well, Albert and I use (the same user on) the same
On Tue, Jun 7, 2016 at 2:09 PM, Albert Astals Cid wrote:
> El dilluns, 6 de juny de 2016, a les 11:39:25 CEST, Sandro Knauß va escriure:
>> Hey,
>>
>> > Well, Albert and I use (the same user on) the same server to make
>> > releases.
>> > So the private key will have to be on that
Hi,
Thanks for working on this. Signed tarballs would also help me when updating
KDE Packages in Gpg4win :-).
On Tuesday 07 June 2016 14:09:44 Albert Astals Cid wrote:
> El dilluns, 6 de juny de 2016, a les 11:39:25 CEST, Sandro Knauß va
escriure:
> > > Well, Albert and I use (the same user
El dilluns, 6 de juny de 2016, a les 11:39:25 CEST, Sandro Knauß va escriure:
> Hey,
>
> > Well, Albert and I use (the same user on) the same server to make
> > releases.
> > So the private key will have to be on that server, otherwise it will
> > become
> > very inconvenient (download, sign,
Hey,
> Well, Albert and I use (the same user on) the same server to make releases.
> So the private key will have to be on that server, otherwise it will become
> very inconvenient (download, sign, upload).
>
> But if that's good enough, and if we can tell gpg2 which private key to use
> (so he
On samedi 4 juin 2016 00:18:44 CEST Sandro Knauß wrote:
> On the one side, if the privatekey is easy to grab, it does not help
> improving security, but if the private key, lifes at only on a specifc
> secured computer it would help a lot.
Well, Albert and I use (the same user on) the same server
Hey,
> Does that really fix anything if noone has my gpg key in the
> trusted/validated signatures area? How do they know it's me that signed the
> package and not some hacker that got access to the server and did sign the
> tarballs?
On the one side, if the privatekey is easy to grab, it does
On Friday, June 3, 2016 4:02:43 PM CEST Albert Astals Cid wrote:
> El dijous, 2 de juny de 2016, a les 13:53:46 CEST, Harald Sitter va
escriure:
> > Ahoy
> >
> > At last weekends' Munich sprint, Jonathan and I discussed the
> > possibility of detached-signing our tarballs. Right now people have
El dijous, 2 de juny de 2016, a les 13:53:46 CEST, Harald Sitter va escriure:
> Ahoy
>
> At last weekends' Munich sprint, Jonathan and I discussed the
> possibility of detached-signing our tarballs. Right now people have to
> go to some website, get checksums, and then verify the downloaded
>
Ahoy
At last weekends' Munich sprint, Jonathan and I discussed the
possibility of detached-signing our tarballs. Right now people have to
go to some website, get checksums, and then verify the downloaded
tarballs matches the checksums.
This is not only terrible because it involves humans doing
20 matches
Mail list logo