On Fri, 9 Apr 2010, Carsten Krüger wrote:
> Where is the problem? Signing could easily be integrated into the build process.
Umm -- signing requires unlocking the GnuPG key to get a human set of eyes, and confirmation that all seems to be well into the process
-- an autosigning from a non-protected key cannot sensibly be trusted, particularly with a process that has to run at some point with root access rights
-- Russ herrold