Package: developers-reference Severtiy: minor Obviously, the paragraph talking about "type 4" GPG keys is not clear. Please explain what "type 4" means exactly.
----- Forwarded message from Erick Vresnev Castellanos Hernández <[EMAIL PROTECTED]> ----- From: Erick Vresnev Castellanos Hernández <[EMAIL PROTECTED]> Reply-To: Erick Vresnev Castellanos Hernández <[EMAIL PROTECTED]> Subject: Preferred way to genereate a gpg key? Date: Fri, 24 Jun 2005 18:39:43 -0500 To: [email protected] While I was reading Developer's Reference [1], in the part about gpg keys, it says: "You need a type 4 key for use in Debian Development. Your key length [...]" I supposed that it refers about the "gpg --gen-key" command, and the options that result from executing it. Also I remember that, *in the past*, it was a "4" option which was something about ElGamal sign and encryption, or something like that. But now, in the Sarge's version of gpg, there is only option 1,2, and 5. So, I ask: now what is the preferred way to generete a gpg key to become a debian developer? The "4" expression, and my interpretation, in that paragraph is it correct? Just want to know. And if it is a bug, I hope somebody could change it to avoid confusion. Thanks. Erick. [1] http://www.debian.org/doc/packaging-manuals/developers-reference/ch-new-maintainer.en.html -- "Libertad es aún la idea más radical de todas." ---Nathaniel Branden ----- End forwarded message ----- ----- Forwarded message from "Brian M. Carlson" <[EMAIL PROTECTED]> ----- From: "Brian M. Carlson" <[EMAIL PROTECTED]> Subject: Re: Preferred way to genereate a gpg key? Date: Sat, 25 Jun 2005 01:03:20 +0000 To: [email protected] X-Mailer: Evolution 2.2.2 On Fri, 2005-06-24 at 18:39 -0500, Erick Vresnev Castellanos Hernández wrote: > While I was reading Developer's Reference [1], in the part about gpg > keys, it says: > > "You need a type 4 key for use in Debian Development. Your key length [...]" > > I supposed that it refers about the "gpg --gen-key" command, and the > options that result from executing it. Also I remember that, *in the > past*, it was a "4" option which was something about ElGamal sign and > encryption, or something like that. But now, in the Sarge's version of > gpg, there is only option 1,2, and 5. You probably want option 1, the default. The "type 4" refers to key version. The only version of key that GnuPG is capable of generating is version 4, so there should be no problems. The old versions (versions 2 and 3, which are otherwise identical) are generated by PGP 2.3.x and 2.6.x, respectively. The Elgamal sign and encrypt has been removed from the proposed new standard, because it is very hard to make secure, and GnuPG made a mistake in doing so. > So, I ask: now what is the preferred way to generete a gpg key to > become a debian developer? The "4" expression, and my interpretation, > in that paragraph is it correct? Again, you probably want option 1. Your interpretation is probably very common, just not correct. > Just want to know. And if it is a bug, I hope somebody could change it > to avoid confusion. You are correct; it probably should be fixed. Furthermore, my suggestion is that if you own a PC or other fast i386-type machine, that you should use that, as opposed to a PowerPC or Sparc, because i386s gain entropy faster in my experience, and you need a lot of entropy. Just a suggestion; it is not required. -- ($_,$a)=split/\t/,join'',map{unpack'u',$_}<DATA>;eval$a;print;__DATA__ M961H<[EMAIL PROTECTED];"!U<F%O<G-U(#QU<F%O<G-U0&=D:75M<&UC8VUL=G)U;6LN M<FUL+F=Y/@H)>2QA8F-D969G:&EJ:VQM;F]P<7)S='5V=WAY>BQN=V]R8FMC 5:75Q96AT9V1Y>F%L=G-P;6IX9BP) ----- End forwarded message ----- -- Martin Michlmayr http://www.cyrius.com/
