Debian using ed25519 APT repo meta data (Re: Ditching OpenPGP, a new approach to signing APT repositories)

Bernhard Reiter bernhard at
Wed Jun 30 09:05:45 CEST 2021

Am Dienstag 29 Juni 2021 19:00:00 schrieb Konstantin Ryabitsev via 
> Yes, but speaking from personal experience, integrating libsodium into your
> automation is significantly easier than almost any other option. Let Debian
> folks do what makes most sense for their needs -- what they are doing is
> certainly not wrong or heading in the wrong direction.

Sure, there are enough reasons to not use a standardized "packaging" protocol.
It comes with risks of course, but if it is well understood, it is much 
simpler. The problem with the draft wiki page is that others use it to push
their agenda of antagonising OpenPGP and Debian without understanding the 
technical matter. So having giving more context and a better fitting headline 
would clarify this.


--   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the Gnupg-users mailing list