From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 27172 invoked from network); 4 Sep 2004 22:35:04 +0000 Received: from smtp.gentoo.org (156.56.111.197) by lists.gentoo.org with AES256-SHA encrypted SMTP; 4 Sep 2004 22:35:05 +0000 Received: from lists.gentoo.org ([156.56.111.196] helo=parrot.gentoo.org) by smtp.gentoo.org with esmtp (Exim 4.34) id 1C3j7g-0000Cc-G3 for arch-gentoo-dev@lists.gentoo.org; Sat, 04 Sep 2004 22:35:04 +0000 Received: (qmail 26720 invoked by uid 89); 4 Sep 2004 22:35:03 +0000 Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Received: (qmail 11212 invoked from network); 4 Sep 2004 22:34:56 +0000 Date: Sat, 4 Sep 2004 23:34:48 +0100 From: Tom Martin To: gentoo-dev@lists.gentoo.org Message-ID: <20040904222506.GA7667@pohl.lj.net> Mail-Followup-To: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="APlYHCtpeOhspHkB" Content-Disposition: inline User-Agent: Mutt/1.5.6i X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - jessica.cpanelserver.co.uk X-AntiAbuse: Original Domain - lists.gentoo.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - gentoo.org X-Source: X-Source-Args: X-Source-Dir: Subject: [gentoo-dev] Manifest signing advice: use gpg-agent! X-Archives-Salt: feed07a8-73b0-4008-8d84-319ab17a8385 X-Archives-Hash: 377fe1fbb71e71e9ab85a76fae8482af --APlYHCtpeOhspHkB Content-Type: text/plain; charset=utf8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hiya guys, As many devs are starting to GPG sign Manifests with repoman, there have be= en inevitable problems with people putting their passphrase into the commit me= ssage. I've *nearly* hit the return key on it a few times, and a certain other develope= r did actually post their passphrase as a commit message. This, more than anythin= g else, is a real PITA and at least -fairly- embarassing... In my opinion, it is a Very Good Thing to use a program such as quintuple-a= gent or gpg-agent to keep your passphrase in protected memory to avoid such problem= s, if you aren't doing so already. app-crypt/newpg for gpg-agent app-crypt/quintuple-agent for... err... quintuple-agent Happy signing, Tom --=20 Tom Martin Gentoo Linux AMD64 and net-mail developer GPG Public key available on pgp.mit.edu, 0xB5C4FF89 IRC: slarti` ~ irc.freenode.net --APlYHCtpeOhspHkB Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFBOkMIj5KihLXE/4kRAlEYAJ4njCwfgUMQLK7lcwLmSQvjAeeZRwCgs6QE B/Xo266d76vbDtGKj4sFMu0= =Cx2N -----END PGP SIGNATURE----- --APlYHCtpeOhspHkB--