* Ronald G. Minnich <[email protected]> [050317 22:35]: > > It is enough to use ssh. THOUGH: It is highly recommended that you sign > > the commits so that the origin can be verified. (ie otherwise I could in > > theory fake a commit done by you) > > to make sure I understand: if I have a gpgkey, then the commit process > will automagically ensure that it is signed, which is not the case for > sshkey?
You have to do the following: $ mkdir -p ~/.arch-params/signing $ echo "gpg --clearsign" > ~/.arch-params/signing/\=default $ echo "gpg --verify-files -" > ~/.arch-params/signing/\=default.check * gpg is only there to proof integrity of the checkins * ssh only gives you access to the machine Stefan _______________________________________________ LinuxBIOS mailing list [email protected] http://www.openbios.org/mailman/listinfo/linuxbios
