Hi, El 27/06/22 a las 10:40, Dániel Fancsali escribió: > Good morning, > > Thanks for you replies, gents. > > Makes sense. > > One last thing, I am not sure of: do I upload my master key's public part > or the signing key's one to my mentors account? From https://mentors.debian.net/intro-maintainers/: " How to upload packages to mentors.debian.net You need to use dput to upload packages. We accept your uploads through HTTPS or FTP. All packages must be signed (using debsign) with the GnuPG key you configured in your control panel. " Cheers, -- S > > Regards, > Daniel > > On Fri, 24 Jun 2022 at 20:42, Christian Kastner <ckk@debian.org> wrote: > > > On 2022-06-24 18:40, Dániel Fancsali wrote: > > > I thought, I'll create a separate subkey for signing the package (and > > > keep my master key off-line, and the others keys separate from this > > > debian-signing-subkey). Would that be considered good practice? Or is > > > there something I can't see here? > > > > This is done quite commonly, actually. [1] and [2] have more info. > > > > Best, > > Christian > > > > [1] https://wiki.debian.org/GnuPG/AirgappedMasterKey > > > > [2] https://wiki.debian.org/Subkeys > > > >
Attachment:
signature.asc
Description: PGP signature