[dak/master] Add docs that the secret key only needs to be able to sign
Signed-off-by: Mark Hymers <email@example.com>
setup/README | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/setup/README b/setup/README
index c193e9a..9d5103c 100644
@@ -67,7 +67,9 @@ WARNING: Please check these templates over and customise as necessary
# cp templates/* /srv/dak/templates/
Set up a private signing key: don't set a passphrase as dak will not
-pass one through to gpg. Guard this key carefully
+pass one through to gpg. Guard this key carefully!
+The key only needs to be able to sign, it doesn't need to be able
# gpg --no-default-keyring --secret-keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/secring.gpg --keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/pubring.gpg --gen-key
Remember the signing key id for when creating the suite below.
Here we'll pretend it is DDDDDDDD for convenience