On Wed, 22 Aug 2007 10:46:38 -0400 Kamaraju S Kusumanchi <kamaraju@bluebottle.com> wrote: > Hi > I have access to two machines - say machine A, machine B. On machine A > when I build a package, I can automatically sign the package as needed. > However now I am sitting at a friends machine (machine B) and built a > package using pdebuild. But I am not sure how to sign this package. If you do not have sole access to root on that machine, it's best not to have your secret key on it so it's best not to sign. Use the '-uc' '-us' switches or put the data into .pbuilderrc AUTO_DEBSIGN=no You don't have to sign every build you do on every machine - you only need to sign the one build that is going to be uploaded. As none of your sponsors are even remotely interested in the architecture-dependent binaries and only really care about the .dsc, .orig.tar.gz and (if not native) the .diff.gz, there is no need to worry about signing builds on different architectures. It's good to do but it isn't relevant to sponsoring, normally. > What should I do? Should I copy the secret key from machine A to machine B? Not if that machine is not secure. > or should I copy the .dsc, .changes files from machine B to machine A and > sign there? I looked in maint-guide, developers-reference, debian-reference > but could not find any suggestions there. apt-get install devscripts man debrsign -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/
Attachment:
pgpzqzBHEcgx4.pgp
Description: PGP signature