[EMAIL PROTECTED] writes: > How difficult would it be to extend our infrastructure (new maintainer > acceptance; developer-keyring; dpkg-dev) with support for gpg?
The debian-keyring package (to be uploaded RSN (honest)) contains a debian-keyring.gpg. If you want to generate a GNUpg key and send it to [EMAIL PROTECTED], it'll be added. New maintainer is not a problem; as soon as GNUpg is in place, we'll just insist maintainers use it (as opposed to insisting they use non-free software). dpkg-dev and dinstall are the only things that need to be fixed. dinstall is trivial, it just has to handle gnupg signed packages. dpkg-dev is more complex; does gnupg become the default signing method in unstable? If so we should change the pgp-command in dpkg-buildpackage to default to gpg. But this will bite lots of current maintainers who try to build packages and get flummoxed when build/dpkg-buildpackage starts moaning "gpg command not found" and they then have to be told to do -ppgp. If pgp stays as default we have to tell all new maintainers to use -pgpg because their PGP keys won't be in the Debian keyring. It's not a nice situation, and I would like to hear what others think. Either way, I seriously detest the use of the non-free PGP in Debian, it's rank hypocrisy and it has already lost us at least one new maintainer, and I think now that we have GNUpg it would be unbelievably Wrong not to use it in place of PGP. IMO, either by slink (if we go to FHS in slink [i.e. every package has to be reuploaded anyway]) or in 2.2/whatever, you should be able to verify a Debian package without using the non-free PGP. This means forcing all developers to generate gnupg keys; I don't personally see this as problem (again, it's a case of forcing free software onto developers, so we don't have to force non-free software onto our users and new developers), but I suspect some people will. -- James ~Yawn And Walk North~ http://yawn.nocrew.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
