Hey all, Building debs for ppa uses gpg and signs each source package build in two different places requiring the unlocking of the gpg key twice.
I've been running a script which builds 4 packages for 3 ubuntu releases which comes to typing in my gpg passphraise 24 times in succession (more if I get it wrong). Should I be concerned that possible snoopers have 24 opportunities to watch my passphraise in physical space? And if typing in the passphraise a lots of times isn't important, why have a passphraise at all? Isn't this sort of problem what timed keyrings are for? Thoughts? Martin, -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1284875897.30010.9.ca...@delen
