tarball signing
David Faure
faure at kde.org
Mon Jun 6 06:59:39 UTC 2016
On samedi 4 juin 2016 00:18:44 CEST Sandro Knauß wrote:
> On the one side, if the privatekey is easy to grab, it does not help
> improving security, but if the private key, lifes at only on a specifc
> secured computer it would help a lot.
Well, Albert and I use (the same user on) the same server to make releases.
So the private key will have to be on that server, otherwise it will become
very inconvenient (download, sign, upload).
But if that's good enough, and if we can tell gpg2 which private key to use
(so he and I don't use the same), then we can proceed with the idea.
--
David Faure, faure at kde.org, http://www.davidfaure.fr
Working on KDE Frameworks 5
More information about the release-team
mailing list