Rawhide signatures
Luciano Miguel Ferreira Rocha
strange at nsk.no-ip.org
Tue Jun 22 22:40:40 UTC 2004
On Tue, Jun 22, 2004 at 11:35:23PM +0100, Rui Miguel Seabra wrote:
> On Tue, 2004-06-22 at 13:45 -0400, Colin Walters wrote:
> > On Tue, 2004-06-22 at 12:21 -0400, Elliot Lee wrote:
> >
> > > There is a Fedora rawhide key (key ID 1CDDBCA9 I believe), but it's really
> > > not practical right now to sign the packages, because the rawhide push is
> > > completely automated, and signing requires manually entering a password.
> >
> > Well you can certainly provide the passphrase programmatically, something
> > like:
> >
> > echo "my passphrase" 1>&3 | gpg --passphrase-fd=3 ...
>
> This would also be very very bad :)
>
> It would have to be software that links with an rpm library, reads
> passphrase from someplace (maybe even use selinux to restrict who can
> read it? :)) and uses it.
>
> Other than that... welcome to the world of ps :)
>
> Rui
gpg --passphrase-fd=0 ... <<EOF
my passphrase
EOF
?
Or why not just remove the passphrase altogether? Sure, the private key
would end up unprotected, but having the passphrase on a script doesn't
give that much protection either.
But I'd rather have the packages signed by such key than not signed at
all.
Regards,
Luciano Rocha
--
Consciousness: that annoying time between naps.
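
Added example, not part of the original message: a Linux-only check of the "world of ps" concern raised in the thread, comparing a passphrase passed as a command-line argument with one delivered on stdin from a here-document. The gpg-stand-in name, the plain sh child used in place of gpg, and the sample passphrase are assumptions made for the demonstration.

```shell
#!/bin/sh
# Linux-only: /proc/<pid>/cmdline is the argv that ps prints for any local user.
SECRET='constructed-sample-passphrase'   # constructed value, not a real passphrase
# Stand-in for gpg: read one line from stdin, then linger so it can be inspected.
BODY='IFS= read -r pw || true; sleep 2; exit 0'

# Print "visible" if $SECRET appears in the argv of pid $1, else "hidden".
argv_state() {
    self=$(tr '\0' ' ' < "/proc/$$/cmdline")
    i=0
    args=
    while [ "$i" -lt 50 ]; do            # wait (max ~5 s) for the child to exec
        args=$(tr '\0' ' ' < "/proc/$1/cmdline" 2>/dev/null || true)
        if [ -n "$args" ] && [ "$args" != "$self" ]; then break; fi
        i=$((i + 1)); sleep 0.1
    done
    case $args in *"$SECRET"*) echo visible ;; *) echo hidden ;; esac
}

# Stop the stand-in quietly once it has been inspected.
reap() { kill "$1" 2>/dev/null || true; wait "$1" 2>/dev/null || true; }

# Passphrase handed over as a command-line argument.
passphrase_in_argv() {
    sh -c "$BODY" gpg-stand-in --passphrase "$SECRET" </dev/null >/dev/null 2>&1 &
    pid=$!
    argv_state "$pid"
    reap "$pid"
}

# Passphrase delivered on stdin from a here-document, as in the reply above.
passphrase_on_stdin() {
    sh -c "$BODY" gpg-stand-in --passphrase-fd=0 >/dev/null 2>&1 <<EOF &
$SECRET
EOF
    pid=$!
    argv_state "$pid"
    reap "$pid"
}

echo "argument:      $(passphrase_in_argv)"
echo "here-document: $(passphrase_on_stdin)"
```

Keeping the passphrase out of argv does nothing for the copy stored in the script file, which still needs restrictive permissions.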