[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Revival of the signed debs discussion

Hi, Henrique de Moraes Holschuh wrote:

> On Tue, 02 Dec 2003, Wouter Verhelst wrote:
>> So unless you have a suggestion that would solve this particular issue,
>> I'm afraid this idea won't work in practice.
> We could verify if the gpg agent (gpa? I forget the name...) cannot do this
> over a secure channel. It should be able to, and if not, it can probably be
> taught to.

It's not that easy (basically you need to tunnel the actual
encryprion/signing function, not just the passphrase-getting).
See ssh-agent as an example.

The good thing is that people are already thinking about this.


Matthias Urlichs   |   {M:U} IT Design @ m-u-it.de   |  smurf@smurf.noris.de
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
 - -
BOFH excuse #387:

Your computer's union contract is set to expire at midnight.

Reply to: