Re: Multiple dev one signing key

2019-03-11 Thread Werner Koch
On Mon, 11 Mar 2019 12:43, johndoe65...@mail.com said:
> Just to be clear, you Werner will sign everything that needs to be
> signed for a release with your personal key.

In practice that is the case. However, anyone of our small group can sign releases and also update the online list of

Re: Multiple dev one signing key

2019-03-11 Thread john doe
On 3/10/2019 8:29 PM, Werner Koch wrote:
> On Fri, 8 Mar 2019 20:05, johndoe65...@mail.com said:
>
>> What is the best way forward?
>> - One signing key accessible on the release system
>
> I'd say depends on the release system. In most cases this is a
> networked box and I would hesitate to do

Re: Multiple dev one signing key

2019-03-10 Thread Werner Koch
On Fri, 8 Mar 2019 20:05, johndoe65...@mail.com said:
> What is the best way forward?
> - One signing key accessible on the release system

I'd say depends on the release system. In most cases this is a networked box and I would hesitate to do this. Using gpg --with a remote gpg-agent would be

Re: Multiple dev one signing key

2019-03-09 Thread Daniel Kahn Gillmor
On Fri 2019-03-08 20:05:53 +0100, john doe wrote:
> I'm considering working on a project that has only for now a couple of
> developers.
> As part of that project everything that will be released will need to be
> gpg signed.
>
> What is the best way forward?
> - One signing key accessible on

Re: Multiple dev one signing key

2019-03-08 Thread Phillip Susi
On 3/8/2019 2:05 PM, john doe wrote:
> Hi,
>
> I'm considering working on a project that has only for now a couple of
> developers.
> As part of that project everything that will be released will need to be
> gpg signed.
>
> What is the best way forward?
> - One signing key accessible on the

Re: Multiple dev one signing key

2019-03-08 Thread Konstantin Ryabitsev
On Fri, Mar 08, 2019 at 08:05:53PM +0100, john doe wrote:
Hi,

I'm considering working on a project that has only for now a couple of developers.
As part of that project everything that will be released will need to be gpg signed.

What is the best way forward?
- One signing key accessible on

Multiple dev one signing key

2019-03-08 Thread john doe
Hi,

I'm considering working on a project that has only for now a couple of developers.
As part of that project everything that will be released will need to be gpg signed.

What is the best way forward?
- One signing key accessible on the release system
- Each dev having a copy of the key to be