On Mon, Mar 14, 2005 at 10:20:00PM +0100, Sven Luther wrote:
> But you would notice all this just the same if the signing where automated,
> don't you ?
Possibly; however, it wouldn't buy us much (signing successful build
logs currently takes me 10 seconds for the first log, and less than a
second for the next ones thanks to mutt's gpg passphrase caching and a
some scripting) while it would cost us much: auto-signing stuff is
dangerous, as it requires connecting a machine with a key without
passphrase, or that at least has the key unprotected in memory, to the
Internet. There's a major difference, security-wise, and no noticeable
difference in handling of the logs -- most of us actually sit close to
their mailbox most of the day, and only when we sleep do successful logs
have to wait a bit.
--
EARTH
smog | bricks
AIR -- mud -- FIRE
soda water | tequila
WATER
-- with thanks to fortune
Attachment:
signature.asc
Description: Digital signature