Please send replies to me, if you want me to read them, since I'm not subscribed to the debian-devel list. Thanks. I would like to give the PGP 2.6.3 packages to someone else to maintain. I find I have too little free time to hunt down the non-trivial bugs reported to the bug system, and I'm not sure I can stomach the PGP source code much longer anyway. There is no immediate hurry to find a new maintainer: I will not orphan PGP until after hamm is released. After that, however, I wish to get away from PGP, and after that it becomes somewhat urgent, given PGP's importance. The new maintainer needs to * live in the free world, as far as crypto policies are concerned, * be well enough known and trusted, since PGP is critical for Debian security, * understand basic computer security and the general principles of crypto, * not mind hacking on non-free code of low quality, and * resist the urge to fix what isn't broken, to make minimize the risk of security holes. (I admit I don't fill all those criteria myself.) I'll leave it to the powers that be to decide on the new PGP maintainer; I don't think I'm qualified enough to do that. I would also like to suggest that Debian helps Gnupg or some other PGP replacement mature as quickly as possible. It is not good PR for Debian to rely heavily on non-free software and PGP is cleary non-free quite aside from the crypto policy issues.
Attachment:
pgpBxfpA17S1I.pgp
Description: PGP signature