On Wed, 10 Mar 2004, Aaron Hanson wrote:
> This may be more about gpg but anyways: I'm trying to sign packages
> in an automated build. When I created my gpg keys, I couldn't see a way
> to make the keys 'unprotected'; i.e. no passphrase. I just provided a
> zero-length phrase.
>
> Even with the zero length phrase, when I invoke 'rpmbuild --sign
> [opts] [spec]', gpg still prompts for a passphrase. Any ideas on how to
> get around this? Thanks.
The passphrase is there for a sane rason. If you start signing packages
automatically then the signature is only misleading. How can I trust a
signature from someone who was not even present during the signing
process?
Hugo.
--
All email sent to me is bound to the rules described on my homepage.
hvdkooij@xxxxxxxxxxxxxxx http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
_______________________________________________
Rpm-list mailing list
Rpm-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/rpm-list
