Re: Official Debian digital 'branding' of debs
Hi,
>>"Goswin" == Goswin Brederlow <goswin.brederlow@student.uni-tuebingen.de> writes:
Goswin> And how do you sign package with that if its not a networked comp? How
Goswin> do autobuild deamons sign packages?
My key is never on a networked computer. The network is
brought down (physically disconnected), the machine is cold rebooted
from a known god media, the removable media with my key is mounted,
the signature made, the removable media removed (and physically
secured).
I suggest that the master key be used with no lesser
precautions.
As to autobuild daemons, they never get close to the Master
key. Evewry package is not signed by the Master key, only the
Debian-keyring package is. The Master key merely ensures that the
keys in the keyring package you have are officially sanctioned.
manoj
--
C for yourself.
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
Reply to: