Rawhide signatures
Russell Coker
russell at coker.com.au
Wed Jun 23 03:18:41 UTC 2004
On Wed, 23 Jun 2004 03:45, Colin Walters <walters at redhat.com> wrote:
> On Tue, 2004-06-22 at 12:21 -0400, Elliot Lee wrote:
> > There is a Fedora rawhide key (key ID 1CDDBCA9 I believe), but it's
> > really not practical right now to sign the packages, because the rawhide
> > push is completely automated, and signing requires manually entering a
> > password.
>
> Well you can certainly provide the passphrase programatically, something
> like:
>
> echo "my passphrase" 1>&3 | gpg --passphrase-fd=3 ...
Why not just have a GPG key with no pass-phrase? I've just done a quick test
and it seems that gpg 1.2.4 does not prompt for a pass-phrase if the key was
created without one.
There seems to be no benefit to having a pass-phrase on a key that's used for
automatic operation as anyone who can get the secret key can get the
pass-phrase in the same manner.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-devel-list
mailing list