[LinuxBIOS] CVS or TLA

Stefan Reinauer stepan at openbios.org
Fri Mar 18 11:41:37 CET 2005

* Ronald G. Minnich <rminnich at lanl.gov> [050317 22:35]:
> > It is enough to use ssh. THOUGH: It is highly recommended that you sign
> > the commits so that the origin can be verified. (ie otherwise I could in
> > theory fake a commit done by you)
> to make sure I understand: if I have a gpgkey, then the commit process 
> will automagically ensure that it is signed, which is not the case for 
> sshkey?

You have to do the following:
  $ mkdir -p ~/.arch-params/signing
  $ echo "gpg --clearsign" > ~/.arch-params/signing/\=default
  $ echo "gpg --verify-files -" > ~/.arch-params/signing/\=default.check

* gpg is only there to proof integrity of the checkins
* ssh only gives you access to the machine


More information about the coreboot mailing list