]> err.no Git - dak/commitdiff
Add docs that the secret key only needs to be able to sign
authorMark Hymers <mhy@debian.org>
Sat, 30 Jul 2011 09:36:30 +0000 (10:36 +0100)
committerMark Hymers <mhy@debian.org>
Sat, 30 Jul 2011 09:36:30 +0000 (10:36 +0100)
Signed-off-by: Mark Hymers <mhy@debian.org>
setup/README

index c193e9a3cd480c9be8b512ba6f18ae306a36ec95..9d5103c19e4ef8e043ef5d7cbb2c676a12cd9911 100644 (file)
@@ -67,7 +67,9 @@ WARNING: Please check these templates over and customise as necessary
 # cp templates/* /srv/dak/templates/
 
 Set up a private signing key: don't set a passphrase as dak will not
-pass one through to gpg.  Guard this key carefully
+pass one through to gpg.  Guard this key carefully!
+The key only needs to be able to sign, it doesn't need to be able
+to encrypt.
 # gpg --no-default-keyring --secret-keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/secring.gpg --keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/pubring.gpg --gen-key
 Remember the signing key id for when creating the suite below.
 Here we'll pretend it is DDDDDDDD for convenience