tarball signing

Albert Astals Cid aacid at kde.org
Tue Jun 7 12:08:39 UTC 2016


El dilluns, 6 de juny de 2016, a les 8:59:39 CEST, David Faure va escriure:
> On samedi 4 juin 2016 00:18:44 CEST Sandro KnauƟ wrote:
> > On the one side, if the privatekey is easy to grab, it does not help
> > improving security, but if the private key, lifes at only on a specifc
> > secured computer it would help a lot.
> 
> Well, Albert and I use (the same user on) the same server to make releases.
> So the private key will have to be on that server, otherwise it will become
> very inconvenient (download, sign, upload).

Putting the key on the [l10n] server means that if someone needs to fill in 
because we're away they need access to the server, making it harder to make it 
happen.

Cheers,
  Albert

> 
> But if that's good enough, and if we can tell gpg2 which private key to use
> (so he and I don't use the same), then we can proceed with the idea.




More information about the release-team mailing list