Re: Emdebian auto-signing

To: Neil Williams <codehelp@debian.org>
Cc: debian-wb-team@lists.debian.org
Subject: Re: Emdebian auto-signing
From: Kurt Roeckx <kurt@roeckx.be>
Date: Sat, 1 Oct 2011 16:36:45 +0200
Message-id: <[🔎] 20111001143645.GA28261@roeckx.be>
In-reply-to: <[🔎] 20111001150608.3cbd45876f3649aee684d740@debian.org>
References: <[🔎] 20111001124216.f076bba0673c20be7fa28a1f@debian.org> <[🔎] 20111001131333.GA26862@roeckx.be> <[🔎] 20111001150608.3cbd45876f3649aee684d740@debian.org>

On Sat, Oct 01, 2011 at 03:06:08PM +0100, Neil Williams wrote:
> 
> So the secret key to sign the .changes file lives on the buildd, just
> outside the chroots normally used? My question really comes down to how
> that secret key is managed - does DSA have to have access to the
> machine where that secret key is kept? How is that managed currently?
> (Does DSA just have normal user access or sudo?) Does the wb team need
> access?
> 
> Currently, the machine in question is accessible by me, zumbi & wookey.
> 
> > We need to generate the keys on the buildd and then add them to
> > a file on ftp-master, which then gets added to a special keyring.
> > ftp-master has rules on which machines are allowed to have such keys,
> > and things like that.

You might want to read:
http://lists.debian.org/debian-wb-team/2011/03/msg00041.html


Kurt

Reply to:

References:
- Emdebian auto-signing
  - From: Neil Williams <codehelp@debian.org>
- Re: Emdebian auto-signing
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: Emdebian auto-signing
  - From: Neil Williams <codehelp@debian.org>

Prev by Date: Re: Emdebian auto-signing
Next by Date: [p-a-s/sid] vpb-driver: blacklist from s390 and s390x
Previous by thread: Re: Emdebian auto-signing
Next by thread: [p-a-s/sid] vpb-driver: blacklist from s390 and s390x
Index(es):
- Date
- Thread