[dak/master] Add docs that the secret key only needs to be able to sign

To: debian-dak@lists.debian.org
Subject: [dak/master] Add docs that the secret key only needs to be able to sign
From: Mark Hymers <mhy@debian.org>
Date: Sat, 30 Jul 2011 09:36:33 +0000
Message-id: <[🔎] E1Qn5yD-0000EI-T8@franck.debian.org>

Signed-off-by: Mark Hymers <mhy@debian.org>
---
 setup/README |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/setup/README b/setup/README
index c193e9a..9d5103c 100644
--- a/setup/README
+++ b/setup/README
@@ -67,7 +67,9 @@ WARNING: Please check these templates over and customise as necessary
 # cp templates/* /srv/dak/templates/
 
 Set up a private signing key: don't set a passphrase as dak will not
-pass one through to gpg.  Guard this key carefully
+pass one through to gpg.  Guard this key carefully!
+The key only needs to be able to sign, it doesn't need to be able
+to encrypt.
 # gpg --no-default-keyring --secret-keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/secring.gpg --keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/pubring.gpg --gen-key
 Remember the signing key id for when creating the suite below.
 Here we'll pretend it is DDDDDDDD for convenience
-- 
1.7.2.5

Reply to:

Prev by Date: [dak/master] Use /bin/bash as dak's shell
Next by Date: [dak/master 1/2] Don't say we're sending mail when we're not
Previous by thread: [dak/master] Use /bin/bash as dak's shell
Next by thread: [dak/master 1/2] Don't say we're sending mail when we're not
Index(es):
- Date
- Thread