Re: Remote signing of large files



On Sun, Dec 07, 2008 at 11:10:29AM +0000, Magnus Therning wrote:
> Douglas A. Tutty wrote:
> > On Thu, Dec 04, 2008 at 12:26:31PM +0000, Magnus Therning wrote:
 
> > I wonder about the latest comment on this thread.  Examine why you don't
> > want the secret key on the build server and why you would feel more
> > secure with the signing done on a separate server.
> 
> Well, the main reason is that there are _a_lot_ of people with direct
> access to the build server.  The idea is to find a way to limit people's
> _direct_ access to the server with the keys.  I know there are problems,
> but hopefully it doesn't require too much work to at least achieve some
> traceability in such a setup.

However, if people you don't totally trust have access to the build
server, couldn't they fitz the packages before they're signed?  

Don't the keys have a passphrase option?  Then, when you are ready to
sign the packages, you'd have to enter the passphrase.

Doug.
