How to sign a remote repository, i.e. forward agent

Carsten Aulbert carsten.aulbert at
Wed Jun 30 19:33:41 CEST 2010

Hi Daniel

On Wednesday 30 June 2010 19:06:58 Daniel Kahn Gillmor wrote:
> Does this workflow work for you?  if not, why not?

I've thought about that, but these repos are a shared effort where the secret 
key is also shared by four trusted people - thus there is a source for race 
conditions - albeit the repos are not really that heavily used.

Thus maybe I should consider doing a 2-way sync:

let other people do their work and include their packages, rsync to my local 
machine, sign/export, rsync again to remote site - downside could be that I'm 
from time to time on very slow networks.

(other alternative is of course to rise to the benevolent dictator and just 
accept new packages by other users and include those myself and use your work 

So, maybe my question was just a very theoretical one :)

Thanks for the reply


More information about the Gnupg-users mailing list