Gentoo Archives: gentoo-dev

From: Tom Martin <slarti@g.o>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] Manifest signing advice: use gpg-agent!
Date: Sat, 04 Sep 2004 22:35:04
1 Hiya guys,
3 As many devs are starting to GPG sign Manifests with repoman, there have been
4 inevitable problems with people putting their passphrase into the commit message. I've
5 *nearly* hit the return key on it a few times, and a certain other developer did
6 actually post their passphrase as a commit message. This, more than anything else, is a
7 real PITA and at least -fairly- embarassing...
9 In my opinion, it is a Very Good Thing to use a program such as quintuple-agent or
10 gpg-agent to keep your passphrase in protected memory to avoid such problems, if you
11 aren't doing so already.
13 app-crypt/newpg for gpg-agent
14 app-crypt/quintuple-agent for... err... quintuple-agent
16 Happy signing,
17 Tom
19 --
20 Tom Martin
21 Gentoo Linux AMD64 and net-mail developer
23 GPG Public key available on, 0xB5C4FF89
24 IRC: slarti` ~