[Dev] Bug #567 has significant security impact on binaries

Luke g4jc at openmailbox.org
Sat Jun 27 19:55:19 GMT 2015


I can confirm that the test-fixes mentioned in the bug ticket allow me to
gpg sign inside the chroot, and also run makepkg inside the chroot.
However, I am still unable to determine why that fails using
libremakepkg. It has something to do with how it is reading makepkg.conf, I
imagine.

On 06/27/2015 12:39 PM, fauno wrote:
> i think you need to restart the agent to change the ttl.
>
> what if there's an intermediary signature that only libremakepkg can
> issue and then librerelease verifies this and signs with the packager
> key?

I like this idea, a lot.
However, who would have access to the secret key? It would need a key to
create the intermediary signature which libremakepkg would be using.
