> During the build you sign the packages with your gpg at the librerelease
> time.

With your private key for which the public key should be included in parabola-keyring.

> Since it seems there is one machine for a tuple of people, modifying
> one by one the /etc/libretools.conf on the key ID sounds weird.

IMO we should use a separate keypair just for packages built on that machine. Most libretools load user-specific configuration files, they would literally answer your question.

> So maybe we will need to redraw libretools.conf to ask for a key inside
> the parabola-keyring and not just one known ID.

I won't publish my private key and I don't want to download the packages just to sign them (it seems also pointless for security). I'm also not convinced that relating the keys to users signing the packages instead of the machine building them is useful.
_______________________________________________
Dev mailing list
[email protected]
https://lists.parabolagnulinux.org/mailman/listinfo/dev
