[Dev] Remote Lemote for Parabola development

Michał Masłowski mtjm at mtjm.eu
Thu Nov 8 17:27:08 GMT 2012


> During the build you sign the packages with your gpg at the librerelease
> time.

With your private key for which the public key should be included in
parabola-keyring.

> Since it seems there is one machine for a tuples of people, modifying
> one by one the /etc/libretools.conf on the key ID sounds weird.

IMO we should use a separate keypair just for packages built on that
machine.

Most libretools load user-specific configuration files, they would
literally answer your question.

> So maybe we will need to redraw libretools.conf to ask for a key inside
> the parabola-keyring and not just one known ID.

I won't publish my private key and I don't want to download the packages
just to sign them (it seems also pointless for security).  I'm also not
convinced that relating the keys to users signing the packages instead
of the machine building them is useful.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <https://lists.parabolagnulinux.org/pipermail/dev/attachments/20121108/ee6bf3db/attachment.asc>


More information about the Dev mailing list