| 1 |
Hiya guys, |
| 2 |
|
| 3 |
As many devs are starting to GPG sign Manifests with repoman, there have been |
| 4 |
inevitable problems with people putting their passphrase into the commit message. I've |
| 5 |
*nearly* hit the return key on it a few times, and a certain other developer did |
| 6 |
actually post their passphrase as a commit message. This, more than anything else, is a |
| 7 |
real PITA and at least -fairly- embarassing... |
| 8 |
|
| 9 |
In my opinion, it is a Very Good Thing to use a program such as quintuple-agent or |
| 10 |
gpg-agent to keep your passphrase in protected memory to avoid such problems, if you |
| 11 |
aren't doing so already. |
| 12 |
|
| 13 |
app-crypt/newpg for gpg-agent |
| 14 |
app-crypt/quintuple-agent for... err... quintuple-agent |
| 15 |
|
| 16 |
Happy signing, |
| 17 |
Tom |
| 18 |
|
| 19 |
-- |
| 20 |
Tom Martin |
| 21 |
Gentoo Linux AMD64 and net-mail developer |
| 22 |
|
| 23 |
GPG Public key available on pgp.mit.edu, 0xB5C4FF89 |
| 24 |
IRC: slarti` ~ irc.freenode.net |
Archives