tarball signing
Albert Astals Cid
aacid at kde.org
Tue Jun 7 12:08:39 UTC 2016
El dilluns, 6 de juny de 2016, a les 8:59:39 CEST, David Faure va escriure:
> On samedi 4 juin 2016 00:18:44 CEST Sandro Knauß wrote:
> > On the one side, if the privatekey is easy to grab, it does not help
> > improving security, but if the private key, lifes at only on a specifc
> > secured computer it would help a lot.
>
> Well, Albert and I use (the same user on) the same server to make releases.
> So the private key will have to be on that server, otherwise it will become
> very inconvenient (download, sign, upload).
Putting the key on the [l10n] server means that if someone needs to fill in
because we're away they need access to the server, making it harder to make it
happen.
Cheers,
Albert
>
> But if that's good enough, and if we can tell gpg2 which private key to use
> (so he and I don't use the same), then we can proceed with the idea.
More information about the release-team
mailing list