On Tue, Jun 22, 2004 at 11:35:23PM +0100, Rui Miguel Seabra wrote: > On Tue, 2004-06-22 at 13:45 -0400, Colin Walters wrote: > > On Tue, 2004-06-22 at 12:21 -0400, Elliot Lee wrote: > > > > > There is a Fedora rawhide key (key ID 1CDDBCA9 I believe), but it's really > > > not practical right now to sign the packages, because the rawhide push is > > > completely automated, and signing requires manually entering a password. > > > > Well you can certainly provide the passphrase programatically, something > > like: > > > > echo "my passphrase" 1>&3 | gpg --passphrase-fd=3 ... > > This would also be very very bad :) > > It would have to be a software that links with an rpm library, reads > passphrase from someplace (maybe even use selinux to restrict who can > read it? :)) and uses it. > > Other than that... welcome to the world of ps :) > > Rui gpg --passphrase-fd=0 ... <<EOF my passphrase EOF ? Or why not just remove the passphrase all together? Sure, the private key would end up unprotected, but having the passphrase on a script doesn't give that much protection either. But I'd rather have the packages signed by such key than not signed at all. Regards, Luciano Rocha -- Consciousness: that annoying time between naps.
