On Mon May 19 2008, Todd Zullinger wrote:
> Till Maas wrote:
> > Thank you, but this way I fear that I install unsigned rpms from a
> > repository because my locally built rpms are not signed (otherwise
> > they are broken, because rpms does not support the keylength of my
> > gpg key) and therefore afaik I had to disable the check for gpg
> > signatures.
>
> So no signature is preferable to creating a key of more standard size
> for use in signing your custom packages?

I can still provide gpg signatures with gpg:

    gpg --armor --detach-sign foo.rpm

This also allows the recipient to check the signature without giving my key ultimate trust for any rpm, which is afaik what happens when someone imports a gpg key into rpm. Also, I do not distribute rpms via insecure channels to my machines, and I would be having a third private gpg key for this without gaining much.

Regards,
Till
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
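
The recipient-side check described in the message above, as an added example that is not part of the original post: it verifies a detached signature against a dedicated GnuPG home directory, so the packager's key never has to be imported into rpm. The function name `verify_detached`, the keyring directory and the expected-fingerprint argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original message).
#
# verify_detached FILE SIG KEYRING_DIR EXPECTED_FPR
#
# Returns 0 only if SIG is a valid detached signature over FILE made by the
# key whose primary fingerprint is EXPECTED_FPR. Keys are looked up in
# KEYRING_DIR, a separate GnuPG home that holds only the packager's public
# key (hypothetical location), not in rpm's key database.
verify_detached() {
    file=$1 sig=$2 keyring=$3 want=$4

    # Refuse to continue if either input is missing or unreadable.
    [ -r "$file" ] && [ -r "$sig" ] || return 2

    # --status-fd emits machine-readable lines; gpg exits non-zero on a bad
    # signature or an unknown key, which is treated as a failed check.
    status=$(gpg --homedir "$keyring" --batch --no-tty --status-fd 1 \
                 --verify "$sig" "$file" 2>/dev/null) || return 1

    # The last field of the VALIDSIG line is the primary key fingerprint.
    got=$(printf '%s\n' "$status" |
          awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; exit }')

    # Pin the signer: any other key in the keyring is not accepted.
    [ -n "$got" ] && [ "$got" = "$want" ]
}
```

Install the package only when the function returns 0; comparing the fingerprint keeps a valid signature from some other key in the same keyring from passing.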