You can now fetch the OpenPGP certificate for any Debian developer who
uses an @debian.org e-mail address using Web Key
Directory
(WKD).
With modern GnuPG, if you're interested in the OpenPGP certificate for
dkg just do:
gpg --locate-keys dkg@debian.org
By default, this …
I wrote yesterday about a recent OpenPGP certificate flooding attack, what I think it means for the ecosystem, and how it impacted me. This is a brief followup, trying to zoom out a bit and think about why it affected me emotionally the way …
My public cryptographic identity has been spammed to the point where it is unusable in standard workflows. This blogpost talks about what happened, what I'm doing about it, and what it means for the broader ecosystem.
If you work with me and you use OpenPGP certificates to …
I've scrapped my first try at a new OpenPGP certificate for 2019 (the one I published yesterday). See the history discussion at the bottom of this post for details. This blogpost has been updated to reflect my revised attempt.
My old OpenPGP certificate will …
In my work at the ACLU, we fight for civil rights and civil liberties. This includes the ability to communicate privately, free from surveillance or censorship, and to control your own information. These are principles that I think most free software developers would agree with. In that vein, we just …
Analysis of usability and mechanics of cryptographic protection in e-mail
The GNU Privacy Guard (GnuPG) upstream team maintains three branches of development: 1.4 ("classic"), 2.0 ("stable"), and 2.1 ("modern").
They differ in various ways: software architecture, supported algorithms, network transport mechanisms, protocol versions, development activity, co-installability, etc.
Debian currently ships two versions of GnuPG in every maintained …
I encourage anyone interested in debian development to get involved with the Reproducible Builds project. My own project is to try to diagnose (and hopefully provide patches for) two unreproducible packages a week. Maybe you can do one package a week?
Reproducible Builds is another example of the kind of …
When paultag recently announced a project to try to move debian infrastructure to python3, my first thought was how large that undertaking would likely be. It seems like a classic engineering task, full of work and nit-picky details to get right, useful/necessary in the long-term, painful in the short-term …
I just took a few minutes to write up my preferred Debian packaging practices.
The basic gist is that i like to use git-buildpackage (gbp) with the
upstream source included in the repo, both as tarballs (with
pristine-tar branches) and including upstream's native VCS history
(Joey's arguments about syncing with …