[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-release-team
Subject: Re: tarball signing
From: Sandro =?ISO-8859-1?Q?Knau=DF?= <sknauss () kde ! org>
Date: 2016-06-06 9:39:25
Message-ID: 1669175.aiGqgURaKj () tuxin
[Download RAW message or body]
Hey,
> Well, Albert and I use (the same user on) the same server to make releases.
> So the private key will have to be on that server, otherwise it will become
> very inconvenient (download, sign, upload).
>
> But if that's good enough, and if we can tell gpg2 which private key to use
> (so he and I don't use the same), then we can proceed with the idea.
you don't need to have the privatekey on the server - We have gpg-agent and
ssh - so you can forward the gpg-agent to the server when doing a release.
That way the private keymatierial stays safe at your place:
https://www.isi.edu/~calvin/gpgagent.htm
Regards,
sandro
_______________________________________________
release-team mailing list
release-team@kde.org
https://mail.kde.org/mailman/listinfo/release-team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic