On 31/10/11 06:09, Daniel Isenmann wrote:
On Sun, 30 Oct 2011 19:06:21 +0100 Florian Pritz<bluewind@xinu.at> wrote:
On 30.10.2011 18:56, Daniel Isenmann wrote:
I'm building my packages exclusive on pkgbuild.com and there I can't sign packages. If we do the switch in dbscripts then pkgbuild.com should be ready to generate signed packages. As far as I know it isn't possible yet, am I right?
So far the only solution is to download the finished package, sign it locally using gpg --detach-sign<file> and then uploading the signature back to pkgbuild.com so commitpkg will find it.
There has been some discussion [1] about remote signing for GPG, but I think they dropped the idea.
[1]: http://lists.gnupg.org/pipermail/gnupg-users/2011-June/042068.html
Kerrick Staley last comment [1] on this thread was that they will go with the hash-signing implementation. But it seems that there is nothing new on this topic.
[1]: http://lists.gnupg.org/pipermail/gnupg-users/2011-June/042078.html
I'd be much more interested in a patch that actually lets you do remote signing than a discussion that went nowhere... http://lists.gnupg.org/pipermail/gnupg-devel/2011-July/026170.html But then again, that patch went nowhere in the end too as far as I can tell. Allan