Re: [arch-dev-public] Automatic Signing of ISOs, pacman databases and everything else (was: Arch Linux Cloud Images (virtualbox and Qemu))

Le 15/05/2018 à 17:25, Florian Pritz via arch-dev-public a écrit : > On 13.05.2018 22:47, Christian Rebischke via arch-dev-public wrote: >> We could just generate an automated cloud image signing key (only for >> this purpose) of course and automatically sign the images with that key. >> Problem w

[arch-dev-public] Automatic Signing of ISOs, pacman databases and everything else (was: Arch Linux Cloud Images (virtualbox and Qemu))

On 13.05.2018 22:47, Christian Rebischke via arch-dev-public wrote: > We could just generate an automated cloud image signing key (only for > this purpose) of course and automatically sign the images with that key. > Problem with this is: If our build server ever get pwned the person will > have th