How to sign a remote repository, i.e. forward agent

Denis A. Altoé Falqueto denisfalqueto at gmail.com
Wed Jun 30 19:39:57 CEST 2010


On Wed, Jun 30, 2010 at 2:33 PM, Carsten Aulbert
<carsten.aulbert at aei.mpg.de> wrote:
> Hi Daniel
>
> On Wednesday 30 June 2010 19:06:58 Daniel Kahn Gillmor wrote:
>>
>> Does this workflow work for you?  if not, why not?
>
> I've thought about that, but these repos are a shared effort where the secret
> key is also shared by four trusted people - thus there is a source for race
> conditions - albeit the repos are not really that heavily used.

Carsten, I'm helping the developers of Arch Linux to implement a
similar feature in pacman and we concluded that using the Web of Trust
is essential to a sane environment. Please look this wiki for
reference, since the proposal is detailed:
http://wiki.archlinux.org/index.php/Package_Signing_Proposal_for_Pacman

-- 
R: Porque prejudica a legibilidade do texto.
P: Porque é ruim colocar a resposta de um e-mail antes do texto citado?

-------------------------------------------
Denis A. Altoe Falqueto
-------------------------------------------



More information about the Gnupg-users mailing list