]> git.decadent.org.uk Git - dak.git/blobdiff - setup/README
projects / dak.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add docs that the secret key only needs to be able to sign
[dak.git] / setup / README
diff --git a/setup/README b/setup/README
index c193e9a3cd480c9be8b512ba6f18ae306a36ec95..9d5103c19e4ef8e043ef5d7cbb2c676a12cd9911 100644 (file)
--- a/setup/README
+++ b/setup/README
@@ -67,7 +67,9 @@ WARNING: Please check these templates over and customise as necessary
 # cp templates/* /srv/dak/templates/
 
 Set up a private signing key: don't set a passphrase as dak will not
-pass one through to gpg.  Guard this key carefully
+pass one through to gpg.  Guard this key carefully!
+The key only needs to be able to sign, it doesn't need to be able
+to encrypt.
 # gpg --no-default-keyring --secret-keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/secring.gpg --keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/pubring.gpg --gen-key
 Remember the signing key id for when creating the suite below.
 Here we'll pretend it is DDDDDDDD for convenience
dak changes to support and test code signing