
Helping Arch Linux with package signing



I'm sure everyone has read the following from LWN [1]. I was just thinking
that Debian has had package signing for a while, and the top users of the
PGP Strong Set [2] (maybe even most of it) are Debian developers. Seeing as
Debian has such a strong history with OpenPGP and package signing, I
was wondering if we could help them along.

1: https://lwn.net/SubscriberLink/434990/4c611307c60a7ae1/
2: http://pgp.cs.uu.nl/plot/

Dan McGee, the lead Arch Linux developer, has stated [3] that he is willing
to accept patches getting OpenPGP implemented into Pacman and the rest of
Arch.

So, given the history of package signing with Debian, I'm wondering if
there is anything we can do as a project to help another project out. Be it
documentation, how-tos, patches, whatever. It appears to be open for
discussion [4], and even though I'm a hardcore Debian user through and
through, it would be great to see another GNU/Linux operating system step
up in the security ranks.

3: https://lwn.net/Articles/435251/
4: https://bugs.archlinux.org/task/5331

If I'm way out of line, then let me know.

Thoughts?

P.S.: I would have posted this to -devel, but I didn't know if it would be
appropriate or not, and I figured many developers might be on this list
anyway, and if necessary, could cross-post it.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o

Attachment: signature.asc
Description: Digital signature

