From 9669cb7fa1c028bcf78a7a08b93a07dc42ed9736 Mon Sep 17 00:00:00 2001 From: Owen Jacobson Date: Thu, 23 Oct 2014 21:36:05 -0400 Subject: Signing on CI is hard. --- wiki/devops/continuous-signing.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 wiki/devops/continuous-signing.md (limited to 'wiki/devops/continuous-signing.md') diff --git a/wiki/devops/continuous-signing.md b/wiki/devops/continuous-signing.md new file mode 100644 index 0000000..422ec49 --- /dev/null +++ b/wiki/devops/continuous-signing.md @@ -0,0 +1,7 @@ +# Code Signing on Build Servers + +We sign things so that we can authenticate them later, but authentication is +largely a conscious function. Computers are bad at answering "is this real". + +Major signing systems (GPG, jarsigner) require presentation of credentials at +signing time. CI servers don't generally have safe tools for this. -- cgit v1.2.3
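Review bot: The closing paragraph of the new continuous-signing.md ends on "CI servers don't generally have safe tools for this" without saying what makes the available tools unsafe or what a reader should do about it, so the page states a problem and then stops. Consider adding a sentence on which credential each named tool (GPG, jarsigner) expects at signing time and why supplying it to an unattended build is the risk, then either a recommendation or an explicit note that the page is a stub. The first paragraph's "authentication is largely a conscious function" would also be clearer with a sentence connecting it to the second paragraph: as written, the link between a human judging "is this real" and a build server holding signing credentials is left for the reader to infer.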