Guidance, with my first deb, I seekj
Matt Zimmerman
mdz at ubuntu.com
Sat May 28 12:19:34 CDT 2005
On Sat, May 28, 2005 at 09:17:44AM -0400, Jeff Bailey wrote:
> Le vendredi 27 mai 2005 à 21:48 -0700, Matt Zimmerman a écrit :
> > > It looks like your i386 box doesn't have gnupg installed, or you have no
> > > GPG key on that machine. When doing test builds, I normally build with
> > > the -uc -us options to suppress signing.
> >
> > One Of These Days that really ought to become the default. Signing should
> > be part of the upload process, not the build process.
>
> I disagree - I like to know that an instance of the build that I have
> sitting there is signed and stable - then I can scp it to someplace else
> and be able to trust its integrity.
Sure, but I don't want that for _every_ build, only a small fraction of
them. That's why I don't think it should sign by default (though an option
should be provided to sign the result).
--
- mdz
More information about the ubuntu-devel
mailing list