Current status ?

[Ian Jackson]

This may sound like a presumptuous question, but how ready for
production use is gpg ?  I see that there is a Debian package for it,
which I'm considering installing and using.

Should I worry that (for example) the key generation will have poor
properties, or that there might still be implementation bugs which
would cause signatures to leak my key ?

If so then I ought not to generate and publish my long-term DSA key
yet.  If not then I probably should.

Thanks,
Ian.