[buildd-tools-devel] Bug#607945: Bug#607945: Bug#607945: Bug#607945: sbuild: can haz I entropy?
Cyril Brulebois
kibi at debian.org
Thu Dec 30 18:24:20 UTC 2010
Roger Leigh <rleigh at codelibre.net> (30/12/2010):
> > Per host. It's stored in /var/lib/sbuild/apt-keys .
>
> Note that if there's a reason to do it per-chroot, we can do that.
> I couldn't envisage any security issues in sharing this key between
> chroots, but if there are it's a simple change.
Was just wondering whether this might make sense to move key creation
to sbuild's install time (openssh-server's style). Might be, if/when
the default resolver gets changed.
(“make sense” as in “can be thought of if it's per-host, and not if
it's per-chroot”; other considerations left aside.)
> > Also, as discussed on IRC, we will solve this by bailing out with
> > an error when the key is absent. This will require the user to
> > generate a key.
>
> Fixed in commit fb790792. Is this OK for you?
Not tested yet, but sounds sensible.
KiBi.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20101230/e4865cab/attachment.pgp>
More information about the Buildd-tools-devel
mailing list