
Re: autobuilding, pgp signing, security



> > The machine will not have a pgp key. The special packaging account will
> > have one. Packages will be built under one special user account which can
> > be protected with a directory mode 700 on top so that no one can spy into
> > things.
> 
> But then it isn't "auto-building" any more! 
> Anyway, the above solution would be my "preferred" solution, but
> really I think just a "true" autobuild procedure is OK too.

I personally would feel safer if there were two accounts:
one for the management and pgp signing, and one for the true autobuild
process. this way the debian/rules script cannot read the file with the
secret key. maybe i'm paranoid, but two accounts (and maybe a sudo from
the master to the slave account) would better fit my paranoia.

> Couldn't agree more, and I sort of feel sorry for bringing this up.
> All I wanted to say was "please, while you make it work, also think
> about security". 

i think i do. i will start writing a script after sleeping for some
hours.

> But anyway, I think most of us (if not all) agree that we should
> go ahead, so what's there to stop us (well, my slow network connection,
> and, uhm, df reporting about 30 M free diskspace on my machine).

no problem. 1 mb for the management. and, uh, we shouldn't try to build
xfree on your machine :-)

andreas
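
The separation discussed in this message, as an added example that is not part of the original post: a Python check that evaluates classic POSIX mode bits along a path to show that a mode 700 top directory keeps a different account away from a 644 key file, while a build running in the same account as the key can still read it. The file name `secring.pgp`, the hypothetical build uid and the helper names are assumptions made for the illustration; ACLs are not considered.

```python
import os
import tempfile


def _allowed(st, uid, gids, want):
    """Evaluate classic POSIX mode bits (no ACLs) for one uid and gid set."""
    if uid == 0:
        return True                      # root bypasses mode bits
    if st.st_uid == uid:
        bits = st.st_mode >> 6           # owner class
    elif st.st_gid in gids:
        bits = st.st_mode >> 3           # group class
    else:
        bits = st.st_mode                # other class
    return (bits & want) == want


def can_read(top, path, uid, gids=frozenset()):
    """True if uid can search top and every directory down to path, and read path."""
    top, path = os.path.realpath(top), os.path.realpath(path)
    if os.path.commonpath([top, path]) != top:
        raise ValueError("path is not below top")
    current = top
    for part in os.path.relpath(path, top).split(os.sep):
        if not _allowed(os.stat(current), uid, gids, 0o1):
            return False                 # no search (x) permission on this directory
        current = os.path.join(current, part)
    return _allowed(os.stat(path), uid, gids, 0o4)


def demo():
    """Constructed layout: a top directory holding a world-readable key file."""
    with tempfile.TemporaryDirectory() as top:
        key = os.path.join(top, "secring.pgp")    # constructed file name
        with open(key, "w") as fh:
            fh.write("not a real key\n")
        os.chmod(key, 0o644)
        owner = os.stat(top).st_uid                # stands in for the signing account
        build_uid = owner + 1                      # hypothetical separate build account
        os.chmod(top, 0o755)
        open_top = can_read(top, key, build_uid)   # directory open: key exposed
        os.chmod(top, 0o700)
        closed_top = can_read(top, key, build_uid) # mode 700 on top: blocked
        same_account = can_read(top, key, owner)   # build run as the key owner
        return open_top, closed_top, same_account


if __name__ == "__main__":
    print(demo())
```
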

