On Thu 2017-02-16 12:23:00 -0500, Ximin Luo wrote:
> I haven't yet updated debrsign but I think that program is a bit
> pointless anyway, and have documented this in debsign(1): "note that
> it is probably safer to have your trusted signing machine use
> \fBdebsign\fR to connect to the untrusted non-signing machine, rather
> than using \fBdebrsign\fR to make the connection in the reverse
> direction."

fwiw, i agree with Ximin here. If doing it the other way around isn't possible, a better option (given the version of gpg that is available in stretch) is to forward the gpg-agent's extra socket from the trusted machine to the remote machine and use debsign directly on the remote/untrusted machine, confirming access to the secret key material via gpg-agent's use of pinentry on the trusted machine.

We should probably try to deprecate debrsign in general.

https://codesearch.debian.net/search?q=debrsign suggests it's only used in devscripts, referenced in the developers-reference, and then as an obscure option in ui-auto.

I've just filed https://bugs.debian.org/855320 in developers-reference to avoid encouraging its use.

ui-auto also appears to have a comparable ui-auto-rsign that parallels this dangerous strategy. I've filed another bug to try to get that changed too (but i don't have the assigned bug report number yet).

--dkg
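The extra-socket forwarding described in the message above, sketched as OpenSSH configuration. This is an added example, not part of the original message or of devscripts; the host alias, hostname, UID 1000 and both socket paths are assumptions and should be replaced with the output of the `gpgconf` commands named in the comments.

```sshconfig
# --- ~/.ssh/config on the TRUSTED machine (holds the secret key; gpg-agent
# --- and pinentry run here). Host alias and hostname are placeholders.
#
# Find the real socket paths first (the paths below are assumed defaults):
#   on the trusted machine:  gpgconf --list-dirs agent-extra-socket
#   on the remote machine:   gpgconf --list-dirs agent-socket
Host buildbox
    HostName untrusted.example.org
    # RemoteForward <socket path on remote> <socket path on trusted machine>
    # The remote gpg talks to what it believes is its local agent socket,
    # but requests arrive at the restricted "extra" socket of the trusted agent.
    RemoteForward /run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra
    # Fail the connection instead of silently continuing without the forward.
    ExitOnForwardFailure yes
    # Keep the SSH agent off the untrusted host; only the gpg extra socket is exposed.
    ForwardAgent no

# --- /etc/ssh/sshd_config on the REMOTE (untrusted) machine
# Allow sshd to replace a stale socket file left behind by an earlier session.
StreamLocalBindUnlink yes
```

The remote keyring needs only the public key, and no gpg-agent should already be running on the remote side when the session starts, or it will hold the socket path. With the session open, `debsign` is run on the remote machine and the passphrase or confirmation prompt appears on the trusted machine.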