
Re: compiling packages on va



Kirk Hilliard wrote:
> Martin Schulze <joey@kuolema.Infodrom.North.DE> writes:
> > 
> > On Sun, Feb 08, 1998 at 05:20:32PM +0100, Marco d'Itri wrote:
> > > What is the best way to PGP sign packages compiled on va?
> > > I don't like uploading my secret key to another computer.
> > 
> > I'd suggest sending the packages or files to your normal account
> > and pgp sign it there.
> 
> In theory, the 128 bit "message digest" could be created on the remote
> machine, brought back to the local machine for encryption, and the
> result sent back to the remote machine for generation of the
> document's signature.  I don't think that pgp currently supports this,
> but it wouldn't be too hard to implement.  Is this a desired feature?

You can actually do something similar with the current setup.  The
only files that need to be signed are the .dsc and .changes files,
which are quite small and contain the md5sums of the large files.

I quote Charles Briscoe-Smith:

  Build with "-us -uc", then sign the .dsc files.  Then, you have to md5sum
  each .dsc file and update the corresponding .changes file, and lastly,
  sign the .changes files.

See http://www.nl.debian.org/Lists-Archives/debian-devel-9802/msg00175.html
for the whole article.

Richard Braakman
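
The middle step of the procedure quoted above, as an added example that is not part of the original message: a shell function, meant to run on the machine that holds the secret key, which rewrites the md5sum and size recorded for a .dsc in the Files: section of its .changes file once the .dsc has been signed. It assumes each Files: entry is one space-indented line of five fields (md5sum, size, section, priority, name); the function and script names are hypothetical, and the two signing steps are left to your own PGP tool.

```shell
#!/bin/sh
# Added example (not from the original thread). Run it after the .dsc has
# been signed locally and before the .changes file is signed.
# Assumed Files: entry layout: " <md5sum> <size> <section> <priority> <name>"

# update_changes_entry CHANGES DSC   (hypothetical helper name)
# Rewrites the md5sum and size recorded for DSC inside CHANGES.
update_changes_entry() {
    changes=$1
    dsc=$2
    [ -f "$changes" ] && [ -f "$dsc" ] || return 1
    name=$(basename "$dsc")
    sum=$(md5sum "$dsc" | cut -d' ' -f1)
    [ -n "$sum" ] || return 1
    size=$(wc -c < "$dsc" | tr -d ' ')
    tmp=$(mktemp) || return 1

    awk -v name="$name" -v sum="$sum" -v size="$size" '
        /^Files:/  { in_files = 1; print; next }   # start of the file list
        /^[^ ]/    { in_files = 0 }                # any other field ends it
        in_files && NF == 5 && $5 == name {
            printf " %s %s %s %s %s\n", sum, size, $3, $4, $5
            hit = 1
            next
        }
        { print }
        END { exit hit ? 0 : 1 }                   # fail if DSC is not listed
    ' "$changes" > "$tmp" || {
        rm -f "$tmp"
        echo "$name: no Files: entry in $changes" >&2
        return 1
    }
    # Overwrite in place so the permissions of the .changes file are kept.
    cat "$tmp" > "$changes" && rm -f "$tmp"
}

# Usage (script name is hypothetical):
#   sh update-changes.sh foo_1.0-1_i386.changes foo_1.0-1.dsc
if [ "$#" -eq 2 ]; then
    update_changes_entry "$1" "$2"
fi
```

The function exits non-zero and leaves the .changes file untouched when the .dsc is not listed, so a mismatched pair of files is caught before anything is signed.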

