
Re: [ANNOUNCE] experimental dpkg available



On Thu, Oct 28, 1999 at 04:31:51PM +1300, Michael Beattie wrote:
> [snip cool stuff]
> > 
> > Known problems, each .deb signed requires you to enter your passphrase
> > twice (once for each member), which gets really old after the second or
> > third package. Any help with getting around this would be nice. Also note
> > that I plan on adding signature checking to dpkg-deb itself, but not
> > generating signatures. Also, I need to have dpkg-signpackage -c give
> > better parsing of errors in checking the signatures.
> 
> I know it's something that is probably a security risk, but is it possible
> to do something similar to ssh-agent?

It probably would, which isn't all that insecure. Question is, someone
needs to do it and send the patch to GPG. The alternative is gpg accepts a
--fd-??? option that lets you tell it which fd to check for the
passphrase, a forked process could then feed it to that fd repeatedly
until killed.

[trimmed the Cc for this comment to -devel only since it wasn't related to
the other lists]

Ben

