Re: Which PGP?
Zed Pobre [EMAIL PROTECTED] writes: It's not discouraged, it's simply not allowed or usable. New maintainer don't accept PGP 5 keys; PGP 5 keys don't go in the Debian keyring and dinstall doesn't accept them. I find it strange that you would make this mistake. I've looked at PGP 5 to the extent of discovering its license is still unacceptable to me; that's it. I don't go into details partly because I haven't bothered to check on them as I have no inclination to acquaint myself with yet more non-free software, but primarily because some PGP 5 users seem to have problems generating RSA keys (I'm not making this up, it's happened several times on new maintainer; we always end up telling them to use PGP 2.x if they can't figure out how to force PGP 5 to behave). It's not PGP5 that Debian has an issue with, it's non-RSA keys. Not true; gnupg keys are surely not RSA but they're accepted in some ways (i.e. we have a keyring for them and dpkg-dev supports the use of gnupg, but dinstall doesn't yet). RSA keys are actually something we want to get away from. -- James
Re: Which PGP?
Out of curiosity, which version of PGP is the debian de facto standard. I'm currently using v5, but I've seen a number of people use 2.6... 2.x; we don't accept later stuff. Really? I recently retrieved a lot of PGP5-Debian-Devel keys (signed Mailing-List e-Mails, mainly new Developpers), so I got the impression that PGP5 wasn't officially discouraged. This is obviously a problem, since I'm currently using pgp2.62ui which can't verify pgp 5 keys. What is the status of gnupg? Is there a Debian package available? It is shown as 'recommended' by debian-keyring, but doesn't seem to exist. Gnupg is in hamm and slink. It has recently undergone a major change making a change to the format for storing keys (making it a PITA if you want to keep your old keys). From reading the g10 mailing list I believe that it has stabilised a bit and is unlikely to undergo any further radical changes. -- I'll be in Denver from 30 Oct 1998 to 7 Nov 1998 (or maybe a few days longer). I'll be in London from ~9 Nov 1998. I'd like to meet any Linux users or users groups in these places at these times. I plan to work in London for 3 - 6 months...
Re: Which PGP?
On Thu, Oct 15, 1998 at 08:23:38PM +0100, James Troup wrote: Dave Swegen [EMAIL PROTECTED] writes: Out of curiosity, which version of PGP is the debian de facto standard. I'm currently using v5, but I've seen a number of people use 2.6... 2.x; we don't accept later stuff. Really? I recently retrieved a lot of PGP5-Debian-Devel keys (signed Mailing-List e-Mails, mainly new Developpers), so I got the impression that PGP5 wasn't officially discouraged. This is obviously a problem, since I'm currently using pgp2.62ui which can't verify pgp 5 keys. David
Re: Which PGP?
On Sun, 18 Oct 1998, David Frey wrote: On Thu, Oct 15, 1998 at 08:23:38PM +0100, James Troup wrote: Dave Swegen [EMAIL PROTECTED] writes: Out of curiosity, which version of PGP is the debian de facto standard. I'm currently using v5, but I've seen a number of people use 2.6... 2.x; we don't accept later stuff. Really? I recently retrieved a lot of PGP5-Debian-Devel keys (signed Mailing-List e-Mails, mainly new Developpers), so I got the impression that PGP5 wasn't officially discouraged. This is obviously a problem, since I'm currently using pgp2.62ui which can't verify pgp 5 keys. What is the status of gnupg? Is there a Debian package available? It is shown as 'recommended' by debian-keyring, but doesn't seem to exist. Bob Bob Nielsen Internet: [EMAIL PROTECTED] Tucson, AZ AMPRnet: [EMAIL PROTECTED] DM42nh http://www.primenet.com/~nielsen
Re: Which PGP?
David Frey [EMAIL PROTECTED] writes: On Thu, Oct 15, 1998 at 08:23:38PM +0100, James Troup wrote: Dave Swegen [EMAIL PROTECTED] writes: Out of curiosity, which version of PGP is the debian de facto standard. I'm currently using v5, but I've seen a number of people use 2.6... 2.x; we don't accept later stuff. Really? Yes. (I'm speaking as part of the new maintainer team, debian keyring maintenance team and as an ftp site grubber, not just for the fun of it) I recently retrieved a lot of PGP5-Debian-Devel keys (signed Mailing-List e-Mails, mainly new Developpers), so I got the impression that PGP5 wasn't officially discouraged. It's not discouraged, it's simply not allowed or usable. New maintainer don't accept PGP 5 keys; PGP 5 keys don't go in the Debian keyring and dinstall doesn't accept them. -- James
Re: Which PGP?
Bob Nielsen [EMAIL PROTECTED] writes: What is the status of gnupg? Not yet used in Debian. Is there a Debian package available? Yes, on non-US. -- James
Re: Which PGP?
Joseph Carter wrote: Dpkg now does support gpg though not by default (you might have still been away at the time this came up) and it was planned to modify dinstall to support both. Did the dinstall mod not happen or something? Indeed not. It turned out that gpg was not consistent enough in its exit codes, and this was filed as a bug. Richard Braakman
Re: Which PGP?
On Thu, Oct 15, 1998 at 03:34:54PM -0700, Joseph Carter wrote: On Thu, Oct 15, 1998 at 03:08:46PM +0100, Dave Swegen wrote: Out of curiosity, which version of PGP is the debian de facto standard. I'm currently using v5, but I've seen a number of people use 2.6... The Debian standard is RSA/IDEA (2.6.x compatible) keys, though Debian is slowly adjusting to include gpg (5.x compatible plus more and it's free, with the ability to add RSA and IDEA as modules if you don't mind that they're non-free due to patent BS) In case anyone was expecting me to upload these modules, the IDEA module is strongly discouraged by the gpg author (patented in at least Japan, US, and Europe until 2011), and I've decided for immigration reasons not to get involved in crypto packages. The RSA module could be packaged separately for compatibility with the existing PGP keyring, IDEA isn't necessary. The modules are easy to compile yourself, see the /usr/doc/gnupg for ftp site.
Re: Which PGP?
Dave == Dave Swegen [EMAIL PROTECTED] writes: Dave Out of curiosity, which version of PGP is the debian de Dave facto standard. I'm currently using v5, but I've seen a Dave number of people use 2.6... Debian uses 2.6 for now. 5 is a bit incompatible with other versions, and it includes sneaky key escrow systems that people don't trust. We're actually moving to gpg soon, so this will all be moot. :) -- Brought to you by the letters N and S and the number 17. Moshimoshi. Kikoemasu ka? Kakenaoshimasu kara ne! 1-do kitte kudasai. Debian GNU/Linux -- where do you want to go tomorrow? http://www.debian.org/ I'm on FurryMUCK as Che, and EFNet and YiffNet IRC as Che_Fox.
Re: Which PGP?
On Thu, Oct 15, 1998 at 11:36:47AM -0700, Ben Gertzfield wrote: Dave == Dave Swegen [EMAIL PROTECTED] writes: Dave Out of curiosity, which version of PGP is the debian de Dave facto standard. I'm currently using v5, but I've seen a Dave number of people use 2.6... Debian uses 2.6 for now. 5 is a bit incompatible with other versions, and it includes sneaky key escrow systems that people don't trust. AFAIK those Key Escrow sneakness systems are only in the comercial version and are optional. (kind o fmakes sense to have a Company Key for buisness related stuff so that if you die tomorow, the company can still recover its data) We're actually moving to gpg soon, so this will all be moot. :) How soon? last I heard it wasn't quite ready yet. I would personally lovce to start using gpg at least as a test now... as long as it wont interfere with my current pgp use too... any pointers? does mutt support it? I take it it doesn''t use idea/rsa lik ePGP does by default? -Steve -- /* -- Stephen Carpenter [EMAIL PROTECTED] --- [EMAIL PROTECTED] */ E-mail Bumper Stickers: A FREE America or a Drug-Free America: You can't have both! honk if you Love Linux
Re: Which PGP?
Dave Swegen [EMAIL PROTECTED] writes: Out of curiosity, which version of PGP is the debian de facto standard. I'm currently using v5, but I've seen a number of people use 2.6... 2.x; we don't accept later stuff. -- James
Re: Which PGP?
On Thu, Oct 15, 1998 at 03:08:46PM +0100, Dave Swegen wrote: Out of curiosity, which version of PGP is the debian de facto standard. I'm currently using v5, but I've seen a number of people use 2.6... The Debian standard is RSA/IDEA (2.6.x compatible) keys, though Debian is slowly adjusting to include gpg (5.x compatible plus more and it's free, with the ability to add RSA and IDEA as modules if you don't mind that they're non-free due to patent BS) pgpxCbYg0qcBE.pgp Description: PGP signature
Re: Which PGP?
On Thu, Oct 15, 1998 at 08:23:38PM +0100, James Troup wrote: Dave Swegen [EMAIL PROTECTED] writes: Out of curiosity, which version of PGP is the debian de facto standard. I'm currently using v5, but I've seen a number of people use 2.6... 2.x; we don't accept later stuff. Dpkg now does support gpg though not by default (you might have still been away at the time this came up) and it was planned to modify dinstall to support both. Did the dinstall mod not happen or something? pgpNP8XWkksMS.pgp Description: PGP signature