[LinuxBIOS] CVS or TLA
Stefan Reinauer
stepan at openbios.org
Fri Mar 18 11:41:37 CET 2005
* Ronald G. Minnich <rminnich at lanl.gov> [050317 22:35]:
> > It is enough to use ssh. THOUGH: It is highly recommended that you sign
> > the commits so that the origin can be verified. (ie otherwise I could in
> > theory fake a commit done by you)
>
> to make sure I understand: if I have a gpgkey, then the commit process
> will automagically ensure that it is signed, which is not the case for
> sshkey?
You have to do the following:
$ mkdir -p ~/.arch-params/signing
$ echo "gpg --clearsign" > ~/.arch-params/signing/\=default
$ echo "gpg --verify-files -" > ~/.arch-params/signing/\=default.check
* gpg is only there to proof integrity of the checkins
* ssh only gives you access to the machine
Stefan
More information about the coreboot
mailing list