Re: Separate GPG subkey for package signing
On 2022-06-24 18:40, Dániel Fancsali wrote:
> I thought, I'll create a separate subkey for signing the package (and
> keep my master key off-line, and the others keys separate from this
> debian-signing-subkey). Would that be considered good practice? Or is
> there something I can't see here?
This is done quite commonly, actually. [1] and [2] have more info.
Best,
Christian
[1] https://wiki.debian.org/GnuPG/AirgappedMasterKey
[2] https://wiki.debian.org/Subkeys
Reply to: