Hi,

But the dpkg-buildpackage command asks for the passphrase just before building the
package (at dh_builddeb). So how can I check it with lintian etc.?

Do you want me to first build the package, check it, and then use gpg
separately for signing the package?

Bye


Kapil Hari Paranjape wrote:
> 
> Hello,
> 
> On Fri, 14 Dec 2007, iluvlinux wrote:
>> Storing your passphrase in a file or ENV variable is never "safe" as told
>> in documents and by mentors.
> 
> True enough. Yet ...
> 
>> then here's what I found:
>> gpg's default home dir is ~/.gnupg (you can change it using the --homedir
>> option; using this option will, up to some extent, provide at least some
>> security, as no one knows where your default directory is).
>> Create a file gpg.conf in that folder and edit it to contain the text
>> "passphrase <your-passphrase>"
> 
> ... here you are suggesting that you store the passphrase in a file!
> 
> A much better option is to use the gpg agent.
> 
> As far as signing packages is concerned, I would recommend that you
> never do this "in the background". You need to verify the package
> *before* you sign it. Your signature on the package affirms that you
> have checked it as thoroughly as possible and are certifying this. So
> run lintian, piuparts and so on before you sign a package.
> 
> Regards,
> 
> Kapil.
> --
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]

-- 
View this message in context: 
http://www.nabble.com/Packages-getting-created-without-signature-tp14292654p14332645.html
Sent from the debian-mentors mailing list archive at Nabble.com.
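
The workflow discussed in this thread (build without signing, check, then sign as a separate step), as an added example that is not part of either poster's message. It uses `dpkg-buildpackage -us -uc`, `lintian` and `debsign` (from devscripts); the function names and the `BUILD`/`LINT`/`SIGN` override variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sign a package only after it has been built and checked.
# BUILD, LINT and SIGN are hypothetical override hooks (useful for dry runs);
# by default they name the real tools.
: "${BUILD:=dpkg-buildpackage}"
: "${LINT:=lintian}"
: "${SIGN:=debsign}"

# find_changes DIR: print the most recently written .changes file in DIR.
find_changes() {
    ls -t "$1"/*.changes 2>/dev/null | head -n 1
}

# build_check_sign SRCDIR: build unsigned, run lintian, sign only on success.
# Return codes: 1 build failed, 2 no .changes file, 3 lintian errors, 4 signing failed.
build_check_sign() {
    srcdir=$1

    # -us -uc: leave the source package and the .changes file unsigned,
    # so the build never asks for a passphrase.
    ( cd "$srcdir" && $BUILD -us -uc ) || {
        echo "build failed" >&2; return 1; }

    # dpkg-buildpackage writes its output to the parent of the source tree.
    changes=$(find_changes "$srcdir/..")
    [ -n "$changes" ] || { echo "no .changes file found" >&2; return 2; }

    # lintian exits non-zero when it reports errors; stop before signing.
    $LINT "$changes" || {
        echo "lintian reported errors; not signing $changes" >&2; return 3; }

    # piuparts needs root, so run it by hand at this point if you use it.

    # The passphrase is requested only here (gpg-agent can supply it).
    $SIGN "$changes" || return 4
}

# Stand-alone use: sh thisfile.sh /path/to/unpacked/source
if [ "$#" -gt 0 ]; then
    build_check_sign "$1"
fi
```
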

