tarball signing

David Faure faure at kde.org
Mon Jun 6 06:59:39 UTC 2016


On samedi 4 juin 2016 00:18:44 CEST Sandro KnauƟ wrote:
> On the one side, if the privatekey is easy to grab, it does not help
> improving security, but if the private key, lifes at only on a specifc
> secured computer it would help a lot.

Well, Albert and I use (the same user on) the same server to make releases.
So the private key will have to be on that server, otherwise it will become 
very inconvenient (download, sign, upload).

But if that's good enough, and if we can tell gpg2 which private key to use 
(so he and I don't use the same), then we can proceed with the idea.

-- 
David Faure, faure at kde.org, http://www.davidfaure.fr
Working on KDE Frameworks 5



More information about the release-team mailing list