Hiya guys,

As many devs are starting to GPG sign Manifests with repoman, there have been
inevitable problems with people putting their passphrase into the commit message. I've
*nearly* hit the return key on it a few times, and a certain other developer did
actually post their passphrase as a commit message. This, more than anything else, is a
real PITA and at least -fairly- embarassing...

In my opinion, it is a Very Good Thing to use a program such as quintuple-agent or
gpg-agent to keep your passphrase in protected memory to avoid such problems, if you
aren't doing so already.

app-crypt/newpg for gpg-agent
app-crypt/quintuple-agent for... err... quintuple-agent

Happy signing,
Tom

-- 
Tom Martin
Gentoo Linux AMD64 and net-mail developer

GPG Public key available on pgp.mit.edu, 0xB5C4FF89
IRC: slarti` ~ irc.freenode.net