Re: Remote signing of large files
- From: "Douglas A. Tutty" <dtutty@xxxxxxxxx>
- Date: Sun, 7 Dec 2008 23:53:16 -0500
On Sun, Dec 07, 2008 at 11:10:29AM +0000, Magnus Therning wrote:
Douglas A. Tutty wrote:
On Thu, Dec 04, 2008 at 12:26:31PM +0000, Magnus Therning wrote:
I wonder about the latest comment on this thread. Examine why you don't
want the secret key on the build server and why you would feel more
secure with the signing done on a separate server.
Well, the main reason is that there are _a_lot_ of people with direct
access to the build server. The idea is to find a way to limit people's
_direct_ access to the server with the keys. I know there are problems,
but hopefully it doesn't require too much work to at least achieve some
traceability in such a setup.
However, if people you don't totally trust have access to the build
server, couldn't they fitz the packages before they're signed?
Don't the keys have a passphrase option? Then, when you are ready to
sign the packages, you'd have to enter the passphrase.
Doug.
--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
- Follow-Ups:
- Re: Remote signing of large files
- From: Magnus Therning
- Re: Remote signing of large files
- References:
- Remote signing of large files
- From: Magnus Therning
- Re: Remote signing of large files
- From: Douglas A. Tutty
- Re: Remote signing of large files
- From: Magnus Therning
- Remote signing of large files
- Prev by Date: USB Sound Cards on Etch: Can't Get One To Work
- Next by Date: Re: remote system administration - grub via serial cable?
- Previous by thread: Re: Remote signing of large files
- Next by thread: Re: Remote signing of large files
- Index(es):
Relevant Pages
|
