On Sun, May 25, 2014 at 07:05:05PM +0200, Andreas Barth wrote: > * Philipp Kern (pkern@debian.org) [140525 12:32]: > > On 2014-05-24 12:44, Andreas Barth wrote: > >> to ease the updates of gpg keys I consider to add an option that > >> sbuild looks up the keyid in a file instead to specify it directly in > >> .builddrc. What do you think? (I would make sbuild to do the lookup, > >> because that allows to change the key while to build is running. Also > >> it would make the restarts for key changes go away. The proposed name > >> for the new option would be sign_with_file, but if someone would like > >> another name more, please say so.) > > I'd rather prefer buildd to do the lookup and pass the value to sbuild. > Why? A multitude of reasons actually: a) I'd like us to diverge from sbuild upstream as less as possible. It's bad enough that we cannot use the distro one. buildd is another matter entirely, though. b) I don't think this option will pass muster upstream. Why would you special-case this single option, if you do not even sign with a file (e.g. specifying key material) but instead just read a key ID out of the file? That's what $(cat foo) is for on the commandline. c) It is buildd configuration. It is specific to how we (here even just Debian, I think) do things with buildd. d) You could insert Perl code into .sbuildrc to do this, there's technically no need to add a new command-line option. Kind regards Philipp Kern
Attachment:
signature.asc
Description: Digital signature