Re: Rawhide signatures

On Tue, Jun 22, 2004 at 11:35:23PM +0100, Rui Miguel Seabra wrote:
> On Tue, 2004-06-22 at 13:45 -0400, Colin Walters wrote:
> > On Tue, 2004-06-22 at 12:21 -0400, Elliot Lee wrote:
> > 
> > > There is a Fedora rawhide key (key ID 1CDDBCA9 I believe), but it's really
> > > not practical right now to sign the packages, because the rawhide push is
> > > completely automated, and signing requires manually entering a password.  
> > 
> > Well you can certainly provide the passphrase programmatically, something
> > like:
> > 
> > echo "my passphrase" 1>&3 | gpg --passphrase-fd=3 ...
> 
> This would also be very very bad :)
> 
> It would have to be software that links with an rpm library, reads
> passphrase from someplace (maybe even use selinux to restrict who can
> read it? :)) and uses it.
> 
> Other than that... welcome to the world of ps :)
> 
> Rui

gpg --passphrase-fd=0 ... <<EOF
my passphrase
EOF
?

Or why not just remove the passphrase altogether? Sure, the private key
would end up unprotected, but having the passphrase in a script doesn't
give that much protection either.

But I'd rather have the packages signed by such key than not signed at
all.

Regards,
Luciano Rocha

-- 
Consciousness: that annoying time between naps.
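
Added example, not part of the original message or of any Fedora tooling: it checks on Linux, via `/proc/<pid>/cmdline`, the `ps` exposure mentioned in the thread against handing the passphrase over on a file descriptor. The `consumer` process, the `--passphrase=` argument and the passphrase value are constructed stand-ins, and no gpg is run.

```shell
#!/bin/sh
# Constructed demo (Linux, needs /proc). "consumer" is a hypothetical stand-in
# for the signing tool; the passphrase is a made-up sample value.
SECRET='constructed-demo-passphrase'

# Succeeds if the secret is readable in the argv of process $1, which is
# what ps shows to every local user.
leaks_in_cmdline() {
    tr '\0' ' ' < "/proc/$1/cmdline" | grep -q -F -- "$SECRET"
}

# Case 1: passphrase handed over as a command-line argument.
argv_case() {
    # The trailing ':' keeps sh from exec'ing sleep and replacing its argv.
    sh -c 'sleep 2; :' consumer "--passphrase=$SECRET" &
    pid=$!
    sleep 1                          # give the child time to exec
    rc=0; leaks_in_cmdline "$pid" || rc=$?
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    return "$rc"
}

# Case 2: passphrase read from fd 3, backed by a file only its owner can read.
fd_case() {
    f=$(mktemp)                      # mktemp creates the file with mode 0600
    printf '%s\n' "$SECRET" > "$f"   # printf is a shell builtin: no argv exposure
    sh -c 'read -r pw <&3; sleep 2; :' consumer 3< "$f" &
    pid=$!
    sleep 1
    rc=0; leaks_in_cmdline "$pid" || rc=$?
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    rm -f "$f"
    return "$rc"
}

if argv_case; then echo "argv: passphrase visible in the process list"; fi
if fd_case; then
    echo "fd 3: passphrase visible in the process list"
else
    echo "fd 3: not in the process list (still on disk in the 0600 file)"
fi
```

The descriptor variant removes only the process-list exposure; the passphrase still sits in a file on the build host, which is the trade-off raised in the message above.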


