[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits (Nybbles?) from the Vancouver release team meeting

On Mon, Mar 14, 2005 at 10:20:00PM +0100, Sven Luther wrote:
> But you would notice all this just the same if the signing where automated,
> don't you ?

Possibly; however, it wouldn't buy us much (signing successful build
logs currently takes me 10 seconds for the first log, and less than a
second for the next ones thanks to mutt's gpg passphrase caching and a
some scripting) while it would cost us much: auto-signing stuff is
dangerous, as it requires connecting a machine with a key without
passphrase, or that at least has the key unprotected in memory, to the
Internet. There's a major difference, security-wise, and no noticeable
difference in handling of the logs -- most of us actually sit close to
their mailbox most of the day, and only when we sleep do successful logs
have to wait a bit.

     smog  |   bricks
 AIR  --  mud  -- FIRE
soda water |   tequila
 -- with thanks to fortune

Attachment: signature.asc
Description: Digital signature

Reply to: