[Pkg-matrix-maintainers] Bug#927444: signing key should be created by postinst
Russell Coker
russell at coker.com.au
Thu Apr 7 04:43:07 BST 2022
The way things currently work in 1.55.0-1~bpo11+1 is that the signing key is
created on daemon startup. This means that the daemon needs write access to
the configuration directory which it doesn't need during normal operation.
For the principle of least privilege I prefer to have all daemons running
without the need to modify their own configuration, which means having the
signing key created before the daemon starts.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
More information about the Pkg-matrix-maintainers
mailing list