Roger Leigh <rle...@codelibre.net> (30/12/2010): > > Per host. It's stored in /var/lib/sbuild/apt-keys . > > Note that if there's a reason to do it per-chroot, we can do that. > I couldn't envisage any security issues in sharing this key between > chroots, but if there are it's a simple change.
Was just wondering whether this might make sense to move key creation to sbuild's install time (openssh-server's style). Might be, if/when the default resolver gets changed. (“make sense” as in “can be thought of if it's per-host, and not if it's per-chroot”; other considerations left aside.) > > Also, as discussed on IRC, we will solve this by bailing out with > > an error when the key is absent. This will require the user to > > generate a key. > > Fixed in commit fb790792. Is this OK for you? Not tested yet, but sounds sensible. KiBi.
signature.asc
Description: Digital signature
