RE: signing RPMs without a passphrase?
- From: "Wichmann, Mats D" <mats d wichmann intel com>
- To: RPM Package Manager <rpm-list redhat com>
- Subject: RE: signing RPMs without a passphrase?
- Date: Thu, 9 Oct 2008 12:21:11 -0600
Jay Yarbrough wrote:
> My personal preference is to batch sign them after creation. However,
> it should also be possible to use 'expect' to pass in the passphrase
> during the build process.
Sure it is.
The issue some people have with this is if you truly automate
it this way, there may be a tendency to leave a passphrase,
in clear text, lying around in the script on the build system,
which has some implications for how far people are likely to
trust that signing key. Just something to consider. In
the project I'm involved with we consider that okay in the case
of nightly-build automated packages, but we use different
signing keys that we do not use in an autosign scenario
for things that are presented as releases.
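
An audit check for the risk raised in this message, added here as an example and not part of the original post: it flags expect scripts that send a literal string to a spawned rpm signing command. The function name, the sample scripts and the `RPM_SIGN_PASSPHRASE` variable are constructed for illustration.

```python
import re

# "spawn" of an rpm command that signs (rpm --addsign/--resign, rpmbuild --sign).
SPAWN_SIGN = re.compile(r'^\s*spawn\s+.*\brpm(?:build|sign)?\b.*--(?:add|re)?sign\b')
# An expect "send" and its argument.
SEND = re.compile(r'^\s*send\s+(?:--\s+)?(.+?)\s*$')
# Tcl variable or command substitution: the secret is supplied from elsewhere.
INDIRECT = re.compile(r'\$|\[')


def find_embedded_passphrases(script_text):
    """Return (line_number, reason) for each literal sent to a signing spawn."""
    findings = []
    signing = False
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        if line.lstrip().startswith('#'):
            continue
        if re.match(r'^\s*spawn\b', line):
            # Only sends that follow a signing spawn are of interest.
            signing = bool(SPAWN_SIGN.match(line))
            continue
        m = SEND.match(line)
        if signing and m:
            arg = m.group(1).strip('"{}')
            body = arg.replace('\\r', '').replace('\\n', '')
            # A bare carriage return or a substituted value is not a literal secret.
            if body and not INDIRECT.search(body):
                findings.append((lineno, 'literal passphrase sent to signing command'))
    return findings


# Constructed sample: passphrase left in clear text in the script.
CLEARTEXT = r'''#!/usr/bin/expect -f
spawn rpm --addsign pkg.rpm
expect "pass phrase:"
send "CONSTRUCTED-not-a-real-secret\r"
expect eof
'''

# Constructed sample: passphrase taken from a (hypothetical) environment variable.
INDIRECT_SAMPLE = r'''#!/usr/bin/expect -f
set pw $env(RPM_SIGN_PASSPHRASE)
spawn rpm --addsign pkg.rpm
expect "pass phrase:"
send -- "$pw\r"
expect eof
'''
```

A script that passes this check can still expose the passphrase by other routes; the check covers only the clear-text-in-script case.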