[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pgp or gpg ?

On Fri, Jul 16, 1999 at 06:14:02PM +0200, Martin Butterweck wrote:
> The Developers Reference says I should use pgp for now, but the package
> debian-keyrings includes keys for gpg as well, so I wondered if the
> reference perhaps isnt up to date anymore and I can as well use gpg when
> i become a developer (real soon :).

I'm working on a HOWTO for this, but it works like this ...

gpg supports pgp keyrings with either gpg-rsa or gpg-rsaref installed.

dpkg-buildpackage supports a gpg interface, however if you have more than
one key with the same email address, you're going to have issues with it
with versions of dpkg-dev prior to  You just add -pgpg -sgpg
-k<keyid> to dpkg-buildpackage and gpg will be used with the right key
even.  In my case:  -pgpg -sgpg -k0x50BDA0ED

A pgp key should be signed with itself.  A gpg key should be as well, but
also with a pgp key if you have one and don't mind installing one of the
rsa modules.  Note that you need to use rsaref in the US because of the
software patent.

dinstall does or will soon support the use of DSA keys.  Same with the
voting system.  In another couple of months, RSA keys that pgp 2.x used
will be totally unnecessary for a new developer and pgp will not even need
to be installed (YAY!)  I'll still recommend keeping gpg-rsa{,ref} around
for awhile to check sigs on stuff still using pgp, but still gpg-rsa is at
least free---unless you live in the US.  And even that will change in
something close to about 430 more days.

Joseph Carter <knghtbrd@debian.org>             Debian GNU/Linux developer
GnuPG: 2048g/3F9C2A43 - 20F6 2261 F185 7A3E 79FC  44F9 8FF7 D7A3 DCF9 DAB3
PGP 2.6: 2048R/50BDA0ED - E8 D6 84 81 E3 A8 BB 77  8E E2 29 96 C9 44 5F BE
<Davide> how bout a policy policing policy with a policy for changing the
         police policing policy

Attachment: pgp6bfO9PC8nH.pgp
Description: PGP signature

Reply to: