Why Does Debian Use PGP to Sign Packages

Hello All,

In an earlier post I asked why Debian uses PGP to sign packages despiteits complexity.


Some responded that Sequoia PGP simplifies the process.

I now wish to ask why Debian uses PGP in general to sign packages whenthere are alternatives such as SigStore.

What were the unique benefits in PGP that could not be found in otheralternatives?


I thank all in advance for any responses.

Best,

Tanveer Salim

Reply to:

Follow-Ups:
- Re: Why Does Debian Use PGP to Sign Packages
  - From: Jeffrey Walton <noloader@gmail.com>
- Re: Why Does Debian Use PGP to Sign Packages
  - From: Simon Josefsson <simon@josefsson.org>
- Re: Why Does Debian Use PGP to Sign Packages
  - From: kpcyrd <kpcyrd@archlinux.org>