
Re: Separate GPG subkey for package signing



Dániel Fancsali <fancsali@gmail.com> wrote on 24/06/2022 at 18:40:03+0200:

> Good afternoon,
>
> I am not sure this is the right forum and the right question at all,
> but I'll assume it is, and take my chances - if it turns out to be a
> wrong assumption, I do apologise in advance. ;)
>
> I bumped into a piece of software I needed on my server(s) and I
> figured I'd rather package it up instead of compiling it in place to
> avoid having a compiler installed. Coincidentally it's been on the
> ITP/RFP list for ages, so I figured if I jump through all the hoops
> and learn how to create .deb packages, I might as well be a nice
> person and get it all the way into Debian.
>
> The package builds fine locally using pbuilder for several
> architectures. I do believe all the other niceties are included (man
> page, etc.). I am at the stage where it says: "sign and upload the
> package to mentors.debian.org".
>
> I thought, I'll create a separate subkey for signing the package (and
> keep my master key off-line, and the other keys separate from this
> debian-signing-subkey). Would that be considered good practice? Or is
> there something I can't see here?

It'd be perfectly fine to do so. Just make sure this new subkey gets
known to mentors.d.o.

The procedure to export one subkey is tedious; if you need help, just
poke.

-- 
PEB
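The subkey export the reply calls tedious, as an added example that is not part of the thread: a certify-only master key gets a signing subkey, only that subkey's secret is exported for the upload machine, and the imported keyring is checked to confirm the master secret is absent. It assumes GnuPG 2.1 or later; the identity, directory layout and key parameters are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GnuPG 2.1+; the identity,
# directory names and key parameters are constructed for the demo.
set -eu

# Non-interactive gpg wrapper: demo keys are unprotected, so the empty
# passphrase over loopback pinentry satisfies every prompt.
gpg_b() { h="$1"; shift; gpg --homedir "$h" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# Certify-only master key (the part that stays offline); prints its fingerprint.
make_master_key() {
    gpg_b "$1" --quick-generate-key 'Demo Maintainer <demo@example.invalid>' ed25519 cert never
    gpg --homedir "$1" --with-colons --list-keys | awk -F: '$1=="fpr"{print $10; exit}'
}

# Signing-only subkey for .deb uploads; prints the subkey fingerprint.
add_signing_subkey() {
    gpg_b "$1" --quick-add-key "$2" ed25519 sign 1y
    gpg --homedir "$1" --with-colons --list-keys | awk -F: '$1=="fpr"{f=$10} END{print f}'
}

# Export ONLY the signing subkey's secret (trailing "!" = exactly this subkey)
# and the public key with all subkeys, which is what mentors.d.o must learn.
export_for_laptop() {
    gpg_b "$1" --armor --export-secret-subkeys "$2!" > "$3/signing-subkey.asc"
    gpg --homedir "$1" --armor --export > "$3/public.asc"
}

# Import on the upload machine and report field 15 of the "sec" record:
# "#" means the master secret key is only a stub there (what we want).
master_secret_marker() {
    gpg_b "$1" --import "$2/signing-subkey.asc"
    gpg --homedir "$1" --with-colons --list-secret-keys | awk -F: '$1=="sec"{print $15; exit}'
}

# Whole flow in throwaway keyrings; prints the marker found on the "laptop".
run_demo() {
    work=$(mktemp -d); mkdir -m 700 "$work/desktop" "$work/laptop"
    fpr=$(make_master_key "$work/desktop")
    sub=$(add_signing_subkey "$work/desktop" "$fpr")
    export_for_laptop "$work/desktop" "$sub" "$work"
    marker=$(master_secret_marker "$work/laptop" "$work")
    echo "master $fpr, signing subkey $sub" >&2
    gpgconf --homedir "$work/desktop" --kill gpg-agent
    gpgconf --homedir "$work/laptop" --kill gpg-agent
    rm -rf "$work"
    echo "$marker"
}

if command -v gpg >/dev/null 2>&1; then
    echo "laptop sec marker: $(run_demo)  (expected '#': master secret absent)"
else
    echo "gpg not found; functions defined but demo skipped" >&2
fi
```

On the real desktop the same export_for_laptop step is run against the existing master key, and public.asc is what gets uploaded so the new subkey is known where the package is signed and checked.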


