Re: gpg passphrase and package building

To: debian mentors <debian-mentors@lists.debian.org>
Subject: Re: gpg passphrase and package building
From: Steve Langasek <vorlon@netexpress.net>
Date: Wed, 24 Jul 2002 11:59:36 -0500
Message-id: <[🔎] 20020724165936.GK19651@netexpress.net>
Mail-followup-to: debian mentors <debian-mentors@lists.debian.org>
In-reply-to: <[🔎] 20020724154750.GJ18013@localhost>
References: <[🔎] 20020724154750.GJ18013@localhost>

On Wed, Jul 24, 2002 at 11:47:50AM -0400, christophe barbé wrote:
> When building a package, the description file and the changes file are
> signed separately.

> Has anyone a good solution to type only one time his gpg passphrase when
> building a package.

The second signed file includes checksum information from the first
signed file, so they cannot both be signed at the same time.  The only
way to type your passphrase only once is for your build scripts (e.g.,
dpkg-buildpackage) to store the passphrase in memory between invocations
of gpg.  This is generally regarded as a bad idea.

Steve Langasek
postmodern programmer

Attachment: pgp3LZT7pt2S0.pgp
Description: PGP signature

Reply to:

References:
- gpg passphrase and package building
  - From: christophe barbé <christophe.barbe.ml@online.fr>

Prev by Date: Re: gpg passphrase and package building
Next by Date: Re: gpg passphrase and package building
Previous by thread: Re: gpg passphrase and package building
Next by thread: Looking for sponsor: nitfol/glulxe/floo/glk
Index(es):
- Date
- Thread