Re: Replacing/phasing out PGP (was Re: Idea for non-free organization)
James Troup <james@nocrew.org> writes:
> New maintainer is not a problem; as soon as GNUpg is in place, we'll
> just insist maintainers use it (as opposed to insisting they use
> non-free software).
Good. I haven't investigated gpg yet, but as long as it works (of
course "works" for a program like this is far beyond my expertise to
evaluate), this is the right thing to do.
> But this will bite lots of current maintainers who try to build
> packages and get flummoxed when build/dpkg-buildpackage starts moaning
> "gpg command not found" and they then have to be told to do -ppgp. If
> pgp stays as default we have to tell all new maintainers to use -pgpg
> because their PGP keys won't be in the Debian keyring. It's not a
> nice situation, and I would like to hear what others think.
1) Make gpg the default, and advertise it on debian-devel. This will
just cause a short-term confusion.
2) Put a test into dpkg-buildpackage like:
(if (exists? "gpg") (use "gpg") (use "pgp"))
> This means forcing all
> developers to generate gnupg keys;
Big deal.
Unless there are security concerns with gpg, let's do it...now.
--
Rob Browning <rlb@cs.utexas.edu> PGP=E80E0D04F521A094 532B97F5D64E3930
--
To UNSUBSCRIBE, email to debian-policy-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: