1 |
Hiya guys, |
2 |
|
3 |
As many devs are starting to GPG sign Manifests with repoman, there have been |
4 |
inevitable problems with people putting their passphrase into the commit message. I've |
5 |
*nearly* hit the return key on it a few times, and a certain other developer did |
6 |
actually post their passphrase as a commit message. This, more than anything else, is a |
7 |
real PITA and at least -fairly- embarassing... |
8 |
|
9 |
In my opinion, it is a Very Good Thing to use a program such as quintuple-agent or |
10 |
gpg-agent to keep your passphrase in protected memory to avoid such problems, if you |
11 |
aren't doing so already. |
12 |
|
13 |
app-crypt/newpg for gpg-agent |
14 |
app-crypt/quintuple-agent for... err... quintuple-agent |
15 |
|
16 |
Happy signing, |
17 |
Tom |
18 |
|
19 |
-- |
20 |
Tom Martin |
21 |
Gentoo Linux AMD64 and net-mail developer |
22 |
|
23 |
GPG Public key available on pgp.mit.edu, 0xB5C4FF89 |
24 |
IRC: slarti` ~ irc.freenode.net |