Re: signing packages from a different machine

To: debian-mentors@lists.debian.org
Subject: Re: signing packages from a different machine
From: Neil Williams <codehelp@debian.org>
Date: Wed, 22 Aug 2007 16:45:27 +0100
Message-id: <[🔎] 20070822164527.0dfc00bb.codehelp@debian.org>
In-reply-to: <[🔎] fahkl4$deg$1@sea.gmane.org>
References: <[🔎] fahhrv$40c$1@sea.gmane.org> <[🔎] 20070822155223.7876c5bd.codehelp@debian.org> <[🔎] fahkl4$deg$1@sea.gmane.org>

On Wed, 22 Aug 2007 11:34:12 -0400
Kamaraju S Kusumanchi <kamaraju@bluebottle.com> wrote:

> I want to upload the packages to mentors.debian.net so that my sponsor can
> take a look at it.

Then you really need to upload it from a secure machine that has your secret key.

The reason for enforcing signatures is so that the sponsor can be sure
that the package really was prepared by you.

If you cannot trust the machine you are on, can you connect to a secure machine?

If you cannot, you will need to delay the upload until you can.

Do not compromise your secret key for the sake of this upload.

-- 

Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/

Attachment: pgps6y7jXtkVa.pgp
Description: PGP signature

Reply to:

References:
- signing packages from a different machine
  - From: Kamaraju S Kusumanchi <kamaraju@bluebottle.com>
- Re: signing packages from a different machine
  - From: Neil Williams <codehelp@debian.org>
- Re: signing packages from a different machine
  - From: Kamaraju S Kusumanchi <kamaraju@bluebottle.com>

Prev by Date: Re: signing packages from a different machine
Next by Date: RFS: pal (updated package)
Previous by thread: Re: signing packages from a different machine
Next by thread: dh_install and python version
Index(es):
- Date
- Thread