On Sun, 30 Oct 2011 19:06:21 +0100 Florian Pritz <bluew...@xinu.at> wrote:
> On 30.10.2011 18:56, Daniel Isenmann wrote: > > I'm building my packages exclusive on pkgbuild.com and there I can't > > sign packages. If we do the switch in dbscripts then pkgbuild.com > > should be ready to generate signed packages. As far as I know it > > isn't possible yet, am I right? > > So far the only solution is to download the finished package, sign it > locally using gpg --detach-sign <file> and then uploading the > signature back to pkgbuild.com so commitpkg will find it. > > There has been some discussion [1] about remote signing for GPG, but I > think they dropped the idea. > > [1]: > http://lists.gnupg.org/pipermail/gnupg-users/2011-June/042068.html Kerrick Staley last comment [1] on this thread was that they will go with the hash-signing implementation. But it seems that there is nothing new on this topic. [1]: http://lists.gnupg.org/pipermail/gnupg-users/2011-June/042078.html
