Re: reprepro using a gpg certificate

To: debian-user@lists.debian.org
Subject: Re: reprepro using a gpg certificate
From: Linux-Fan <Ma_Sys.ma@web.de>
Date: Mon, 28 Sep 2020 15:25:34 +0200
Message-id: <[🔎] cone.1601299534.812464.4597.1000@pte5>
References: <[🔎] 20200928135952.187923ad@debian-i7> <[🔎] 0dd0420e-248b-2dda-01b9-36655d3914d3@digionline.de> <[🔎] 20200928151421.0e37874e@debian-i7>

Andreas Ronnquist writes:

On Mon, 28 Sep 2020 15:01:25 +0200,
Philipp Ewald<philipp.ewald@digionline.de> wrote:

>afaik:
>
>you dont need a password on a gpg-key so if its not required you can
>remove the password and script

That is right of course - but how is this security-wise? I guess in my
case it doesn't matter much though.


Whether you store the password on the same computer as the keyfile or just
a keyfile without password should not matter that much?
What kind of adversary are you trying to protect against?

I run a reprepro here with an "unprotected" keyfile and it works quite
nicely. In case you are interested in how it is implemented here, see
https://masysma.lima-city.de/32/masysmaci_pkgsync.xhtml
Follow the links to Github or further documentation as interested :)

HTH
Linux-Fan

[...]

Attachment: pgptDkWJSPr7V.pgp
Description: PGP signature

Reply to:

References:
- reprepro using a gpg certificate
  - From: Andreas Rönnquist <mailinglists@gusnan.se>
- Re: reprepro using a gpg certificate
  - From: Philipp Ewald <philipp.ewald@digionline.de>
- Re: reprepro using a gpg certificate
  - From: Andreas Ronnquist <mailinglists@gusnan.se>

Prev by Date: Re: reprepro using a gpg certificate
Next by Date: Re: Internal error: couldn't generate list of packages to download
Previous by thread: Re: reprepro using a gpg certificate
Next by thread: "ps -o %mem" and free memory in Linux
Index(es):
- Date
- Thread