[Dev] Bug #567 has significant security impact on binaries
g4jc at openmailbox.org
Sat Jun 27 19:55:19 GMT 2015
I can confirm that test-fixes mentioned in the bug ticket allow me to
gpg sign inside the chroot, and also run makepkg inside the chroot.
However I am still unable to determine why that fails using
libremakepkg. Has something to do with how it is reading makepkg.conf I
On 06/27/2015 12:39 PM, fauno wrote:
> i think you need to restart the agent to change the ttl.
> what if there's an intermediary signature that only libremakepkg can
> issue and then librerelease verifies this and signs with the packager
I like this idea, a lot.
However, who would have access to the secret key? It would need a key to
create the intermediary signature which libremakepkg would be using.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the Dev