Douglas A. Tutty wrote:
> On Sun, Dec 07, 2008 at 11:10:29AM +0000, Magnus Therning wrote:
>> Douglas A. Tutty wrote:
>>> On Thu, Dec 04, 2008 at 12:26:31PM +0000, Magnus Therning wrote:
>
>>> I wonder about the latest comment on this thread. Examine why you don't
>>> want the secret key on the build server and why you would feel more
>>> secure with the signing done on a separate server.
>> Well, the main reason is that there are _a_lot_ of people with direct
>> access to the build server. The idea is to find a way to limit people's
>> _direct_ access to the server with the keys. I know there are problems,
>> but hopefully it doesn't require too much work to at least achieve some
>> traceability in such a setup.
>
> However, if people you don't totally trust have access to the build
> server, couldn't they fitz the packages before they're signed?

Of course they could, but the main reason for splitting things up is to
avoid people having direct access to the keys.

> Don't the keys have a passphrase option? Then, when you are ready to
> sign the packages, you'd have to enter the passphrase.

Yes, but that would remove the "automatic" in "automatic build system" :-(

/M

--
Magnus Therning (OpenPGP: 0xAB4DFBA4)
magnus@therning.org Jabber: magnus@therning.org
http://therning.org/magnus

Haskell is an even 'redder' pill than Lisp or Scheme.
     -- PaulPotts