Re: Separate GPG subkey for package signing

To: debian-mentors@lists.debian.org
Subject: Re: Separate GPG subkey for package signing
From: Christian Kastner <ckk@debian.org>
Date: Fri, 24 Jun 2022 21:44:21 +0200
Message-id: <[🔎] 0bb01b69-76bb-a789-a45a-21a699d24dad@debian.org>
In-reply-to: <[🔎] CAD6oR3HUL=GyFA8bBZG-Kt1Usxrs9vVdCjpCMf-DgwMS1MKRQg@mail.gmail.com>
References: <[🔎] CAD6oR3HUL=GyFA8bBZG-Kt1Usxrs9vVdCjpCMf-DgwMS1MKRQg@mail.gmail.com>

On 2022-06-24 18:40, Dániel Fancsali wrote:
> I thought, I'll create a separate subkey for signing the package (and
> keep my master key off-line, and the others keys separate from this
> debian-signing-subkey). Would that be considered good practice? Or is
> there something I can't see here?

This is done quite commonly, actually. [1] and [2] have more info.

Best,
Christian

[1] https://wiki.debian.org/GnuPG/AirgappedMasterKey

[2] https://wiki.debian.org/Subkeys

Reply to:

Follow-Ups:
- Re: Separate GPG subkey for package signing
  - From: Dániel Fancsali <fancsali@gmail.com>

References:
- Separate GPG subkey for package signing
  - From: Dániel Fancsali <fancsali@gmail.com>

Prev by Date: Bug#1013675: RFS: zope.configuration/4.4.1-1 [QA] -- Zope Configuration Markup Language (ZCML)
Next by Date: Bug#1013741: RFS: zope.exceptions/4.5-1 [QA] [RC] -- Zope exceptions for Python 3
Previous by thread: Re: Separate GPG subkey for package signing
Next by thread: Re: Separate GPG subkey for package signing
Index(es):
- Date
- Thread