[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Remote signing of large files



Douglas A. Tutty wrote:
> On Sun, Dec 07, 2008 at 11:10:29AM +0000, Magnus Therning wrote:
>> Douglas A. Tutty wrote:
>>> On Thu, Dec 04, 2008 at 12:26:31PM +0000, Magnus Therning wrote:
>  
>>> I wonder about the latest comment on this thread.  Examine why you don't
>>> want the secret key on the build server and why you would feel more
>>> secure with the signing done on a separate server.
>> Well, the main reason is that there are _a_lot_ of people with direct
>> access to the build server.  The idea is to find a way to limit people's
>> _direct_ access to the server with the keys.  I know there are problems,
>> but hopefully it doesn't require too much work to at least achieve some
>> traceability in such a setup.
> 
> However, if people you don't totally trust have access to the build
> server, couldn't they fitz the packages before they're signed?  

Of course they could, but the main reason for splitting things up is to
avoid people having direct access to the keys.

> Don't the keys have a passphrase option?  Then, when you are ready to
> sign the packages, you'd have to enter the passphrase.

Yes, but that would remove the "automatic" in "automatic build system" :-(

/M

-- 
Magnus Therning                             (OpenPGP: 0xAB4DFBA4)
magnus@therning.org             Jabber: magnus@therning.org
http://therning.org/magnus

Haskell is an even 'redder' pill than Lisp or Scheme.
     -- PaulPotts

Attachment: signature.asc
Description: OpenPGP digital signature


Reply to: