[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: signing packages from a different machine



On Wed, 22 Aug 2007 11:34:12 -0400
Kamaraju S Kusumanchi <kamaraju@bluebottle.com> wrote:

> I want to upload the packages to mentors.debian.net so that my sponsor can
> take a look at it.

Then you really need to upload it from a secure machine that has your secret key.

The reason for enforcing signatures is so that the sponsor can be sure
that the package really was prepared by you.

If you cannot trust the machine you are on, can you connect to a secure machine?

If you cannot, you will need to delay the upload until you can.

Do not compromise your secret key for the sake of this upload.

-- 


Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/

Attachment: pgpA2fs0L536I.pgp
Description: PGP signature


Reply to: