> I don't personally see the problem with manually signing though. I > build packages in mock under a build account setup specifically for > packaging. Once the packages are built, I sign them from my normal > user account (e.g.: rpm --addsign ~build/mock/<package>/*.rpm). well.. signing a few packages by hand isn't a problem at all. but signing about 50 packages is. And removing the password completely seems like a good possibility. i wish rpmbuild (or rpm) was allowing something like this: rpmbuild -ba --sign="the key" my_rpm.spec or rpmbuild -ba --sign --passphrase "the key" my_rpm.spec Just the option for that would be gread.