On Aug 01, Martin Mitchell <martin@debian.org> wrote: >> > * GPG as standard signature for packages >> > >> > Marco d'Itri: probably GPG is not ready yet >> I understood the outcome of the last discussion here to be that it very >> nearly is. In particular, I'd like to note that GPG supports idea and rsa >> as loadable modules (which we could put in non-free). >If it has enough functionality that we can adopt it now, then its >development should surely be assisted by the widespread testing of >Debian developers. It's more or less working, but sometimes it shows bad bugs. Also, there is no manual yet. I can see many debian developers who routinely use PGP (e.g. for signing email). If each of them would use gnupg we could catch bugs faster. The tipical PGP 2.6 user can use this ~/.gnupg/options file: no-greeting load-extension idea load-extension rsa # here goes your RSA key ID default-key 0x3C620D2D # needed to be understood by PGP < 2.6.3ia no-comment Mutt users (>= 0.93i) can add that to their ~/.muttrc files: set pgp_gpg="/usr/local/bin/gpg" set pgp_default_version=gpg GNUPG 0.3.2 needs a patch to correctly verify RSA clearsigned text. It can be downloaded from http://www.linux.it/~md/gpg-pgp2.diff -- ciao, Marco
Attachment:
pgpu4xx5jFokt.pgp
Description: PGP signature