RE: signing RPMs without a passphrase?

Jay Yarbrough wrote:
> My personal preference is to batch sign them after creation.  However,
> it should also be possible to use 'expect' to pass in the passphrase
> during the build process.

Sure it is.

The issue some people have with this is if you truly automate
it this way, there may be a tendency to leave a passphrase,
in clear text, lying around in the script on the build system,
which has some implications for how far people are likely to
trust that signing key.  Just something to be considered.  In
the project I'm involved with we consider that okay in the case
of nightly-build automated packages, but we use different
signing keys that we do not use in an autosign scenario
for things that are presented as releases.


_______________________________________________
Rpm-list mailing list
Rpm-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/rpm-list
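A batch-signing wrapper in the spirit of the two points made above (sign the RPMs after creation, and never let the release key share the nightly autosign path), added here as an example and not code from the thread or the project. The key UIDs, the passphrase file path, the RPM_SIGN_DRY_RUN switch, and the use of rpm's %_gpg_sign_cmd_extra_args macro with gpg2 loopback pinentry are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: batch-sign RPMs after the build
# with rpm --addsign, keeping the nightly autosign key apart from the
# release key. Key UIDs, the passphrase file path and RPM_SIGN_DRY_RUN are
# assumptions; %_gpg_sign_cmd_extra_args needs rpm >= 4.14 and gpg2.
NIGHTLY_KEY="nightly-autosign@example.org"   # hypothetical key UID
RELEASE_KEY="release-signing@example.org"    # hypothetical key UID
NIGHTLY_PASSPHRASE_FILE="${NIGHTLY_PASSPHRASE_FILE:-/etc/rpm-autosign/passphrase}"

# select_key CHANNEL: print the key for a build channel; fail on anything else.
select_key() {
    case "$1" in
        nightly) echo "$NIGHTLY_KEY" ;;
        release) echo "$RELEASE_KEY" ;;
        *) echo "select_key: unknown channel '$1'" >&2; return 1 ;;
    esac
}

# sign_rpms CHANNEL FILE...: sign each package. Only the nightly channel may
# read its passphrase from a file on the build host; the release key is
# used interactively and any passphrase handed in via the environment is
# refused, so no release passphrase ever sits in a script.
sign_rpms() {
    channel=$1; shift
    key=$(select_key "$channel") || return 1
    [ "$#" -gt 0 ] || { echo "sign_rpms: no packages given" >&2; return 1; }
    if [ "$channel" = release ]; then
        if [ -n "${RPM_SIGN_PASSPHRASE:-}" ]; then
            echo "sign_rpms: refusing a stored passphrase for the release key" >&2
            return 2
        fi
        extra=""   # gpg asks via pinentry; nothing is stored on disk
    else
        extra="--batch --pinentry-mode loopback --passphrase-file $NIGHTLY_PASSPHRASE_FILE"
    fi
    if [ -n "${RPM_SIGN_DRY_RUN:-}" ]; then
        # Show the command instead of running it (lets the policy be tested
        # on a host without rpm or the keys).
        printf 'rpm --define "_gpg_name %s" --define "_gpg_sign_cmd_extra_args %s" --addsign %s\n' \
            "$key" "$extra" "$*"
        return 0
    fi
    rpm --define "_gpg_name $key" \
        --define "_gpg_sign_cmd_extra_args $extra" \
        --addsign "$@"
}
```

Run as `sign_rpms nightly build/*.rpm` from the nightly job, and `sign_rpms release dist/*.rpm` by hand when cutting a release.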
