Re: Emdebian auto-signing
On Sat, Oct 01, 2011 at 03:06:08PM +0100, Neil Williams wrote:
> So the secret key to sign the .changes file lives on the buildd, just
> outside the chroots normally used? My question really comes down to how
> that secret key is managed - does DSA have to have access to the
> machine where that secret key is kept? How is that managed currently?
> (Does DSA just have normal user access or sudo?) Does the wb team need
> Currently, the machine in question is accessible by me, zumbi & wookey.
> > We need to generate the keys on the buildd and then add them to
> > a file on ftp-master, which then gets added to a special keyring.
> > ftp-master has rules on which machines are allowed to have such keys,
> > and things like that.
You might want to read: