tarball signing

David Faure faure at kde.org
Mon Jun 13 13:33:51 UTC 2016


On lundi 6 juin 2016 11:39:25 CEST Sandro KnauƟ wrote:
> you don't need to have the privatekey on the server - We have gpg-agent and
> ssh - so you can forward the gpg-agent to the server when doing a release.
> That way the private keymatierial stays safe at your place:
> 
> https://www.isi.edu/~calvin/gpgagent.htm

OK.... this requires OpenSSH >= 6.7, and that's not packaged even for OpenSuSE 
Tumbleweed. I grabbed an OpenSSH-7.2 RPM from someone's repo at
http://software.opensuse.org/package/openssh and then I couldn't ssh anywhere 
anymore (permission denied) :-). Reverted to OpenSSH_6.6.1p1.

I think this will have to wait for a bit.

-- 
David Faure, faure at kde.org, http://www.davidfaure.fr
Working on KDE Frameworks 5



More information about the release-team mailing list