[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: signing packages



On Wed, 10 Mar 2004, Aaron Hanson wrote:

>     This may be more about gpg but anyways: I'm trying to sign packages
> in an automated build. When I created my gpg keys, I couldn't see a way
> to make the keys 'unprotected'; i.e. no passphrase. I just provided a
> zero-length phrase.
>
>     Even with the zero length phrase, when I invoke 'rpmbuild --sign
> [opts] [spec]', gpg still prompts for a passphrase. Any ideas on how to
> get around this? Thanks.

The passphrase is there for a sane rason. If you start signing packages
automatically then the signature is only misleading. How can I trust a
signature from someone who was not even present during the signing
process?

Hugo.

-- 
 All email sent to me is bound to the rules described on my homepage.
    hvdkooij@vanderkooij.org		http://hvdkooij.xs4all.nl/
	    Don't meddle in the affairs of sysadmins,
	    for they are subtle and quick to anger.




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]