Debian Bug report logs -
#7399
dpkg-dev 1.4.0.8 : request to include debian-keyring README
Reported by: Igor Grobman <igor@vaca.net>
Date: Sat, 15 Feb 1997 16:18:05 UTC
Severity: fixed
Done: Ben Collins <bcollins@debian.org>
Bug is archived. No further changes may be made.
Forwarded to ian@davenant.greenend.org.uk
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org
:
Bug#7399
.
(full text, mbox, link).
Acknowledgement sent to Igor Grobman <igor@vaca.net>
:
New bug report received and forwarded.
Your message didn't have a Package: line at the start (in the
pseudo-header following the real mail header), or didn't have a
psuedo-header at all.
This makes it much harder for us to categorise and deal with your
problem report; please ensure that you say which package(s) and
version(s) the problem is with next time. Some time in the future the
problem reports system may start rejecting such messages.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
-----BEGIN PGP SIGNED MESSAGE-----
Package: dpkg-dev
Version: 1.4.0.8
I am reporting this as a bug, because I am not sure if Ian is fully back
to the project, and don't know to whom to send such a request.
I am the maintainer of debian keyring. It contains up-to-date PGP keys of
debian developers. Right now it is still incomplete, since Lars (and
then me) started collecting the keys about a month ago. The
developer-keys.pgp in dpkg-dev hasn't been updated in a while, and maybe
it shouldn't, because it will never be up to date. By including this
README file, most of the developers will be aware that debian-keyring
exists, and where to find it. Right now, the only people who know about
it are those who didn't miss my anouncement on debian-devel.
Thanks.
__
Proudly running Debian Linux! Linux vs. Windows is a no-Win situation....
Igor Grobman igor@vaca.net
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
iQBVAwUBMwXiqf6MRr9c8VylAQH56gH/UMQHIJy38zqmN2STH0JPbZH81BJpC6Ej
f557tEyNVQT9xbjR0JNh7SSCYk5qOe4JvlYS+3VkB3yNq9DYh4Tccw==
=cVfj
-----END PGP SIGNATURE-----
[README (text/plain, inline)]
README for debian-keyring.pgp
Originally written by Lars Wirzenius, liw@iki.fi
Now maintained by Igor Grobman <igor@vaca.net>
Introduction
The Debian project wants developers to digitally sign
the announcements of their packages with PGP, to protect
against forgeries. I maintain a PGP keyring with keys of
Debian developers. This is the README for that keyring.
Getting debian-keyring.pgp
The current version of debian-keyring.pgp is always
available at
http://www.vaca.net/~igor/debian-keyring.tar.gz
That file contains the keyring and this README.
The keyring is also part of the Debian dpkg-dev package,
but the copy in that package may not be up to date,
since the keyring changes more frequently than the
package is updated. However, every Debian package
maintainer needs to have dpkg-dev installed, and can
get a version of the keyring from
/usr/doc/dpkg/developer-keys.pgp
Use "pgp -ka" to add the keys in a keyring to your
personal keyring.
Generate a key pair
PGP is used for security, and security can be a bit
tricky. Please read the PGP manual (in /usr/doc/pgp
on Debian) before generating a key pair. The actual
generation is trivial. Please use at least 1024 bits.
(It's a key pair, because PGP uses public key
cryptography. One of the keys is private, one is
public. This is all explained in the manuals.)
If your copy of PGP doesn't automatically sign your
own key, please do it yourself (pgp -ks). This prevents
others from tampering with the username in the key.
If you already have a PGP key pair, it's OK to use it,
but it's also OK to generate a new key pair specifically
for Debian.
Copy your public key to a text file
When you have a key pair, copy the public key from
your personal key ring into a file called foo.asc
with the following command:
pgp -kxa 'your name' foo.asc
where 'your name' is the username you gave to PGP when
generating your key.
foo.asc is a text file, you can view it with any editor.
Do NOT modify it, or it will break.
Upload your key to PGP key servers
Upload the foo.asc file to the PGP key servers, to make
it easy for anyone to get your public key. The URL is:
http://www.pgp.net/pgpnet/
There are many PGP key servers, but they're linked to
each other, and it should be enough to upload your key to
just one server.
Exchange key signatures with other people
If possible, meet other Debian developers in person
and sign each other's keys. Geographical and economical
challenges often make this impossible, but if you can do
it, please do. Signing keys means verifying that the
key and the username belong together. The signatures
can allow other people to trust the key. (This is the
"web of trust" stuff the PGP manual explains about.)
Also exchange key signatures with many other PGP users.
It all helps to expand and strengthen the PGP web
of trust.
When your key is signed, the signatures are added to the
key. You need to upload your key again to the key servers
to make those signatures available for other people.
Getting your key into debian-keyring.pgp
When you release your package, you need to sign your
.changes file with PGP (dpkg-buildpackage does this
automatically). Send the signed .changes file to
the suitable Debian announcements list, e.g.,
debian-devel-announce@lists.debian.org.
If you have uploaded your key to the PGP key servers,
that should be all you need to do. I read the Debian
announcement lists, and fetch missing keys from the
key servers.
If I can't find your key in the key servers, I will
ask you for it.
Bug assigned to package `dpkg-dev'.
Request was from Christian Schwarz <schwarz@monet.m.isar.de>
to control@bugs.debian.org
.
(full text, mbox, link).
Severity set to `wishlist'.
Request was from Joel Klecker <jk@espy.org>
to control@bugs.debian.org
.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Ian Jackson and others <dpkg-maint@chiark.greenend.org.uk>
:
Bug#7399
; Package dpkg-dev
.
(full text, mbox, link).
Acknowledgement sent to Adam Di Carlo <apharris@burrito.onshore.com>
:
Extra info received and forwarded to list. Copy sent to Ian Jackson and others <dpkg-maint@chiark.greenend.org.uk>
.
(full text, mbox, link).
Message #14 received at 7399@bugs.debian.org (full text, mbox, reply):
severity 7399 fixed
severity 20909 fixed
severity 6134 fixed
thanks
These bugs have been fixed by the slipping off and the independant
maintenance of the debian-keyring package. NMUs of dpkg-dev have
removed the keyrings from this package.
.....A. P. Harris...apharris@onShore.com...<URL:http://www.onShore.com/>
Severity set to `fixed'.
Request was from Adam Di Carlo <apharris@burrito.onshore.com>
to control@bugs.debian.org
.
(full text, mbox, link).
Noted your statement that bug has been forwarded to ian@davenant.greenend.org.uk.
Request was from Ian Jackson <ian@davenant.greenend.org.uk>
to control@bugs.debian.org
.
(full text, mbox, link).
Bug closed, ack sent to submitter - they'd better know why !
Request was from Ben Collins <bcollins@debian.org>
to control@bugs.debian.org
.
(full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Tue Mar 19 03:43:21 2024;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.