Re: Which PGP?

1998-10-19 Thread James Troup 
Zed Pobre [EMAIL PROTECTED] writes:

  It's not discouraged, it's simply not allowed or usable.  New
  maintainer don't accept PGP 5 keys; PGP 5 keys don't go in the
  Debian keyring and dinstall doesn't accept them.
 
 I find it strange that you would make this mistake.

I've looked at PGP 5 to the extent of discovering its license is still
unacceptable to me; that's it.  I don't go into details partly because
I haven't bothered to check on them as I have no inclination to
acquaint myself with yet more non-free software, but primarily because
some PGP 5 users seem to have problems generating RSA keys (I'm not
making this up, it's happened several times on new maintainer; we
always end up telling them to use PGP 2.x if they can't figure out how
to force PGP 5 to behave).

 It's not PGP5 that Debian has an issue with, it's non-RSA keys.

Not true; gnupg keys are surely not RSA but they're accepted in some
ways (i.e. we have a keyring for them and dpkg-dev supports the use of
gnupg, but dinstall doesn't yet).

RSA keys are actually something we want to get away from.

-- 
James

Re: Which PGP?

1998-10-19 Thread Russell Coker 
  Out of curiosity, which version of PGP is the debian de facto standard.
  I'm currently using v5, but I've seen a number of people use 2.6...
 2.x; we don't accept later stuff.
 
 Really? 
 I recently retrieved a lot of PGP5-Debian-Devel keys (signed Mailing-List
 e-Mails, mainly new Developpers), so I got the impression that PGP5 wasn't
 officially discouraged.
 
 This is obviously a problem, since I'm currently using pgp2.62ui which can't
 verify pgp 5 keys.

What is the status of gnupg?  Is there a Debian package available?  It is
shown as 'recommended' by debian-keyring, but doesn't seem to exist.

Gnupg is in hamm and slink.  It has recently undergone a major change making
a change to the format for storing keys (making it a PITA if you want to keep
your old keys).  From reading the g10 mailing list I believe that it has
stabilised a bit and is unlikely to undergo any further radical changes.

--
I'll be in Denver from 30 Oct 1998 to 7 Nov 1998 (or maybe a few days longer).
I'll be in London from ~9 Nov 1998.  I'd like to meet any Linux users or
users groups in these places at these times.
I plan to work in London for 3 - 6 months...

Re: Which PGP?

1998-10-18 Thread David Frey 
On Thu, Oct 15, 1998 at 08:23:38PM +0100, James Troup wrote:
Dave Swegen [EMAIL PROTECTED] writes:
 Out of curiosity, which version of PGP is the debian de facto standard.
 I'm currently using v5, but I've seen a number of people use 2.6...
2.x; we don't accept later stuff.

Really? 
I recently retrieved a lot of PGP5-Debian-Devel keys (signed Mailing-List
e-Mails, mainly new Developpers), so I got the impression that PGP5 wasn't
officially discouraged.

This is obviously a problem, since I'm currently using pgp2.62ui which can't
verify pgp 5 keys.

David

Re: Which PGP?

1998-10-18 Thread Bob Nielsen 
On Sun, 18 Oct 1998, David Frey wrote:

 On Thu, Oct 15, 1998 at 08:23:38PM +0100, James Troup wrote:
 Dave Swegen [EMAIL PROTECTED] writes:
  Out of curiosity, which version of PGP is the debian de facto standard.
  I'm currently using v5, but I've seen a number of people use 2.6...
 2.x; we don't accept later stuff.
 
 Really? 
 I recently retrieved a lot of PGP5-Debian-Devel keys (signed Mailing-List
 e-Mails, mainly new Developpers), so I got the impression that PGP5 wasn't
 officially discouraged.
 
 This is obviously a problem, since I'm currently using pgp2.62ui which can't
 verify pgp 5 keys.

What is the status of gnupg?  Is there a Debian package available?  It is
shown as 'recommended' by debian-keyring, but doesn't seem to exist.

Bob


Bob Nielsen Internet: [EMAIL PROTECTED]
Tucson, AZ  AMPRnet:  [EMAIL PROTECTED]
DM42nh  http://www.primenet.com/~nielsen

Re: Which PGP?

1998-10-18 Thread James Troup 
David Frey [EMAIL PROTECTED] writes:

 On Thu, Oct 15, 1998 at 08:23:38PM +0100, James Troup wrote:
 Dave Swegen [EMAIL PROTECTED] writes:
  Out of curiosity, which version of PGP is the debian de facto standard.
  I'm currently using v5, but I've seen a number of people use 2.6...
 2.x; we don't accept later stuff.
 
 Really? 

Yes.  (I'm speaking as part of the new maintainer team, debian keyring
maintenance team and as an ftp site grubber, not just for the fun of
it)

 I recently retrieved a lot of PGP5-Debian-Devel keys (signed Mailing-List
 e-Mails, mainly new Developpers), so I got the impression that PGP5 wasn't
 officially discouraged.

It's not discouraged, it's simply not allowed or usable.  New
maintainer don't accept PGP 5 keys; PGP 5 keys don't go in the Debian
keyring and dinstall doesn't accept them.

-- 
James

Re: Which PGP?

1998-10-18 Thread James Troup 
Bob Nielsen [EMAIL PROTECTED] writes:

 What is the status of gnupg? 

Not yet used in Debian.

 Is there a Debian package available? 

Yes, on non-US.

-- 
James

Re: Which PGP?

1998-10-16 Thread Richard Braakman 
Joseph Carter wrote:

 Dpkg now does support gpg though not by default (you might have still been
 away at the time this came up) and it was planned to modify dinstall to
 support both.  Did the dinstall mod not happen or something?

Indeed not.  It turned out that gpg was not consistent enough in its
exit codes, and this was filed as a bug.

Richard Braakman

Re: Which PGP?

1998-10-16 Thread Drake Diedrich 
On Thu, Oct 15, 1998 at 03:34:54PM -0700, Joseph Carter wrote:
 On Thu, Oct 15, 1998 at 03:08:46PM +0100, Dave Swegen wrote:
  Out of curiosity, which version of PGP is the debian de facto standard.
  I'm currently using v5, but I've seen a number of people use 2.6...
 
 The Debian standard is RSA/IDEA (2.6.x compatible) keys, though Debian is
 slowly adjusting to include gpg (5.x compatible plus more and it's free,
 with the ability to add RSA and IDEA as modules if you don't mind that
 they're non-free due to patent BS)

   In case anyone was expecting me to upload these modules, the IDEA module
is strongly discouraged by the gpg author (patented in at least Japan, US,
and Europe until 2011), and I've decided for immigration reasons not to get
involved in crypto packages.  The RSA module could be packaged separately
for compatibility with the existing PGP keyring, IDEA isn't necessary.
The modules are easy to compile yourself, see the /usr/doc/gnupg for ftp
site.

Re: Which PGP?

1998-10-15 Thread Ben Gertzfield 
 Dave == Dave Swegen [EMAIL PROTECTED] writes:

Dave Out of curiosity, which version of PGP is the debian de
Dave facto standard.  I'm currently using v5, but I've seen a
Dave number of people use 2.6...

Debian uses 2.6 for now. 5 is a bit incompatible with other versions,
and it includes sneaky key escrow systems that people don't trust.

We're actually moving to gpg soon, so this will all be moot. :)

-- 
Brought to you by the letters N and S and the number 17.
Moshimoshi. Kikoemasu ka? Kakenaoshimasu kara ne! 1-do kitte kudasai.
Debian GNU/Linux -- where do you want to go tomorrow? http://www.debian.org/
I'm on FurryMUCK as Che, and EFNet and YiffNet IRC as Che_Fox.

Re: Which PGP?

1998-10-15 Thread Stephen J. Carpenter 
On Thu, Oct 15, 1998 at 11:36:47AM -0700, Ben Gertzfield wrote:
  Dave == Dave Swegen [EMAIL PROTECTED] writes:
 
 Dave Out of curiosity, which version of PGP is the debian de
 Dave facto standard.  I'm currently using v5, but I've seen a
 Dave number of people use 2.6...
 
 Debian uses 2.6 for now. 5 is a bit incompatible with other versions,
 and it includes sneaky key escrow systems that people don't trust.

AFAIK those Key Escrow sneakness systems are only in the comercial
version and are optional.

(kind o fmakes sense to have a Company Key for buisness related stuff
so that if you die tomorow, the company can still recover its data)

 We're actually moving to gpg soon, so this will all be moot. :)

How soon? last I heard it wasn't quite ready yet. 
I would personally lovce to start using gpg at least as a test now...
as long as it wont interfere with my current pgp use too...

any pointers? does mutt support it? I take it it doesn''t use idea/rsa 
lik ePGP does by default?

-Steve

-- 
/* -- Stephen Carpenter [EMAIL PROTECTED] --- [EMAIL PROTECTED] 
*/
E-mail Bumper Stickers:
A FREE America or a Drug-Free America: You can't have both!
honk if you Love Linux

Re: Which PGP?

1998-10-15 Thread James Troup 
Dave Swegen [EMAIL PROTECTED] writes:

 Out of curiosity, which version of PGP is the debian de facto standard.
 I'm currently using v5, but I've seen a number of people use 2.6...

2.x; we don't accept later stuff.

-- 
James

Re: Which PGP?

1998-10-15 Thread Joseph Carter 
On Thu, Oct 15, 1998 at 03:08:46PM +0100, Dave Swegen wrote:
 Out of curiosity, which version of PGP is the debian de facto standard.
 I'm currently using v5, but I've seen a number of people use 2.6...

The Debian standard is RSA/IDEA (2.6.x compatible) keys, though Debian is
slowly adjusting to include gpg (5.x compatible plus more and it's free,
with the ability to add RSA and IDEA as modules if you don't mind that
they're non-free due to patent BS)


pgpxCbYg0qcBE.pgp
Description: PGP signature

Re: Which PGP?

1998-10-15 Thread Joseph Carter 
On Thu, Oct 15, 1998 at 08:23:38PM +0100, James Troup wrote:
 Dave Swegen [EMAIL PROTECTED] writes:
 
  Out of curiosity, which version of PGP is the debian de facto standard.
  I'm currently using v5, but I've seen a number of people use 2.6...
 
 2.x; we don't accept later stuff.

Dpkg now does support gpg though not by default (you might have still been
away at the time this came up) and it was planned to modify dinstall to
support both.  Did the dinstall mod not happen or something?


pgpNP8XWkksMS.pgp
Description: PGP signature