Debian Bug report logs - #7399
dpkg-dev 1.4.0.8 : request to include debian-keyring README

Package: debian-keyring; Maintainer for debian-keyring is Debian Keyring Maintainers <keyring-maint@debian.org>; Source for debian-keyring is src:debian-keyring (PTS, buildd, popcon).

Reported by: Igor Grobman <igor@vaca.net>

Date: Sat, 15 Feb 1997 16:18:05 UTC

Severity: fixed

Done: Ben Collins <bcollins@debian.org>

Bug is archived. No further changes may be made.

Forwarded to ian@davenant.greenend.org.uk

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org:
Bug#7399. (full text, mbox, link).


Acknowledgement sent to Igor Grobman <igor@vaca.net>:
New bug report received and forwarded.

Your message didn't have a Package: line at the start (in the pseudo-header following the real mail header), or didn't have a psuedo-header at all.

This makes it much harder for us to categorise and deal with your problem report; please ensure that you say which package(s) and version(s) the problem is with next time. Some time in the future the problem reports system may start rejecting such messages.

(full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Igor Grobman <igor@vaca.net>
To: submit@bugs.debian.org
Subject: dpkg-dev 1.4.0.8 : request to include debian-keyring README
Date: Sat, 15 Feb 1997 11:22:00 -0500 (EST)
[Message part 1 (text/plain, inline)]
-----BEGIN PGP SIGNED MESSAGE-----

Package: dpkg-dev
Version: 1.4.0.8

I am reporting this as a bug, because I am not sure if Ian is fully back
to the project, and don't know to whom to send such a request.  

I am the maintainer of debian keyring.  It contains up-to-date PGP keys of
debian developers.  Right now it is still incomplete, since Lars (and
then me) started collecting the keys about a month ago. The
developer-keys.pgp in dpkg-dev hasn't been updated in a while, and maybe
it shouldn't, because it will never be up to date. By including this
README file, most of the developers will be aware that debian-keyring
exists, and where to find it.  Right now, the only people who know about
it are those who didn't miss my anouncement on debian-devel.

Thanks.
__
Proudly running Debian Linux! Linux vs. Windows is a no-Win situation....
Igor Grobman                                             igor@vaca.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQBVAwUBMwXiqf6MRr9c8VylAQH56gH/UMQHIJy38zqmN2STH0JPbZH81BJpC6Ej
f557tEyNVQT9xbjR0JNh7SSCYk5qOe4JvlYS+3VkB3yNq9DYh4Tccw==
=cVfj
-----END PGP SIGNATURE-----
[README (text/plain, inline)]
README for debian-keyring.pgp
Originally written by Lars Wirzenius, liw@iki.fi
Now maintained by Igor Grobman <igor@vaca.net>


Introduction

	The Debian project wants developers to digitally sign
	the announcements of their packages with PGP, to protect
	against forgeries.  I maintain a PGP keyring with keys of
	Debian developers.  This is the README for that keyring.

Getting debian-keyring.pgp

	The current version of debian-keyring.pgp is always
	available at
	
		http://www.vaca.net/~igor/debian-keyring.tar.gz	
	
	That file contains the keyring and this README.
	
	The keyring is also part of the Debian dpkg-dev package,
	but the copy in that package may not be up to date,
	since the keyring changes more frequently than the
	package is updated. However, every Debian package
	maintainer needs to have dpkg-dev installed, and can
	get a version of the keyring from
	
		/usr/doc/dpkg/developer-keys.pgp
	
	Use "pgp -ka" to add the keys in a keyring to your
	personal keyring.

Generate a key pair

	PGP is used for security, and security can be a bit
	tricky.  Please read the PGP manual (in /usr/doc/pgp
	on Debian) before generating a key pair. The actual
	generation is trivial. Please use at least 1024 bits.
	
	(It's a key pair, because PGP uses public key
	cryptography.  One of the keys is private, one is
	public. This is all explained in the manuals.)
	
	If your copy of PGP doesn't automatically sign your
	own key, please do it yourself (pgp -ks). This prevents
	others from tampering with the username in the key.
	
	If you already have a PGP key pair, it's OK to use it,
	but it's also OK to generate a new key pair specifically
	for Debian.

Copy your public key to a text file

	When you have a key pair, copy the public key from
	your personal key ring into a file called foo.asc
	with the following command:
	
		pgp -kxa 'your name' foo.asc
	
	where 'your name' is the username you gave to PGP when
	generating your key.
	
	foo.asc is a text file, you can view it with any editor.
	Do NOT modify it, or it will break.
	
Upload your key to PGP key servers

	Upload the foo.asc file to the PGP key servers, to make
	it easy for anyone to get your public key. The URL is:
	
		http://www.pgp.net/pgpnet/
	
	There are many PGP key servers, but they're linked to
	each other, and it should be enough to upload your key to
	just one server.

Exchange key signatures with other people

	If possible, meet other Debian developers in person
	and sign each other's keys. Geographical and economical
	challenges often make this impossible, but if you can do
	it, please do.	Signing keys means verifying that the
	key and the username belong together. The signatures
	can allow other people to trust the key. (This is the
	"web of trust" stuff the PGP manual explains about.)
	
	Also exchange key signatures with many other PGP users.
	It all helps to expand and strengthen the PGP web
	of trust.
	
	When your key is signed, the signatures are added to the
	key. You need to upload your key again to the key servers
	to make those signatures available for other people.

Getting your key into debian-keyring.pgp

	When you release your package, you need to sign your
	.changes file with PGP (dpkg-buildpackage does this
	automatically). Send the signed .changes file to
	the suitable Debian announcements list, e.g.,
	debian-devel-announce@lists.debian.org.
	
	If you have uploaded your key to the PGP key servers,
	that should be all you need to do. I read the Debian
	announcement lists, and fetch missing keys from the
	key servers.
	
	If I can't find your key in the key servers, I will
	ask you for it.

Bug assigned to package `dpkg-dev'. Request was from Christian Schwarz <schwarz@monet.m.isar.de> to control@bugs.debian.org. (full text, mbox, link).


Severity set to `wishlist'. Request was from Joel Klecker <jk@espy.org> to control@bugs.debian.org. (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Ian Jackson and others <dpkg-maint@chiark.greenend.org.uk>:
Bug#7399; Package dpkg-dev. (full text, mbox, link).


Acknowledgement sent to Adam Di Carlo <apharris@burrito.onshore.com>:
Extra info received and forwarded to list. Copy sent to Ian Jackson and others <dpkg-maint@chiark.greenend.org.uk>. (full text, mbox, link).


Message #14 received at 7399@bugs.debian.org (full text, mbox, reply):

From: Adam Di Carlo <apharris@burrito.onshore.com>
To: control@bugs.debian.org
Cc: 7399@bugs.debian.org, 20909@bugs.debian.org, 6134@bugs.debian.org
Subject: bugs 'fixed' by debian-keyring pkg
Date: 07 Nov 1998 13:12:09 -0500
severity 7399 fixed
severity 20909 fixed
severity 6134 fixed
thanks

These bugs have been fixed by the slipping off and the independant
maintenance of the debian-keyring package.  NMUs of dpkg-dev have
removed the keyrings from this package.

.....A. P. Harris...apharris@onShore.com...<URL:http://www.onShore.com/>




Severity set to `fixed'. Request was from Adam Di Carlo <apharris@burrito.onshore.com> to control@bugs.debian.org. (full text, mbox, link).


Noted your statement that bug has been forwarded to ian@davenant.greenend.org.uk. Request was from Ian Jackson <ian@davenant.greenend.org.uk> to control@bugs.debian.org. (full text, mbox, link).


Bug closed, ack sent to submitter - they'd better know why ! Request was from Ben Collins <bcollins@debian.org> to control@bugs.debian.org. (full text, mbox, link).


Bug reassigned from package `dpkg-dev' to `debian-keyring'. Request was from Ben Collins <bcollins@debian.org> to control@bugs.debian.org. (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Tue Mar 19 03:43:21 2024; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.