
Re: Replacing/phasing out PGP (was Re: Idea for non-free organization)



I'm very interested in helping with this (at least as a tester). I've been
playing around with a lot of the related tools lately, anyway. Maybe an
elegant solution can be found to deal with the transition period. I
currently just use a straight dpkg-buildpackage command. Because it can't
sign the package it gives me a beep. I don't mind that - it lets me know
that the build is finished :)

On 1 Jul 1998, James Troup wrote:

> Date: 01 Jul 1998 17:07:38 +0100
> From: James Troup <james@nocrew.org>
> To: debian-policy@lists.debian.org
> Subject: Re: Replacing/phasing out PGP (was Re: Idea for non-free organization)
> Resent-Date: 1 Jul 1998 16:07:45 -0000
> Resent-From: debian-policy@lists.debian.org
> Resent-cc: recipient list not shown: ;
> 
> jdassen@wi.leidenuniv.nl writes:
> 
> > How difficult would it be to extend our infrastructure (new maintainer
> > acceptance; developer-keyring; dpkg-dev) with support for gpg?
> 
> The debian-keyring package (to be uploaded RSN (honest)) contains a
> debian-keyring.gpg.  If you want to generate a GNUpg key and send it
> to gpg-update@debian.org, it'll be added.
> 
> New maintainer is not a problem; as soon as GNUpg is in place, we'll
> just insist maintainers use it (as opposed to insisting they use
> non-free software).
> 
> dpkg-dev and dinstall are the only things that need to be fixed.
> dinstall is trivial, it just has to handle gnupg signed packages.
> dpkg-dev is more complex; does gnupg become the default signing method
> in unstable?  If so we should change the pgp-command in
> dpkg-buildpackage to default to gpg.
> 
> But this will bite lots of current maintainers who try to build
> packages and get flummoxed when build/dpkg-buildpackage starts moaning
> "gpg command not found" and they then have to be told to do -ppgp.  If
> pgp stays as default we have to tell all new maintainers to use -pgpg
> because their PGP keys won't be in the Debian keyring.  It's not a
> nice situation, and I would like to hear what others think.
> 
> Either way, I seriously detest the use of the non-free PGP in Debian,
> it's rank hypocrisy and it has already lost us at least one new
> maintainer, and I think now that we have GNUpg it would be
> unbelievably Wrong not to use it in place of PGP.  IMO, either by
> slink (if we go to FHS in slink [i.e. every package has to be
> reuploaded anyway]) or in 2.2/whatever, you should be able to verify a
> Debian package without using the non-free PGP.  This means forcing all
> developers to generate gnupg keys; I don't personally see this as
> a problem (again, it's a case of forcing free software onto developers,
> so we don't have to force non-free software onto our users and new
> developers), but I suspect some people will.
> 
> -- 
> James
> ~Yawn And Walk North~                                  http://yawn.nocrew.org/
> 
> 
> --  
> To UNSUBSCRIBE, email to debian-policy-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

