• FYI: debian-archive-keyring: pgp vs. gpg

    From hede@3:633/10 to All on Thursday, March 05, 2026 08:20:01

    Hi
    in the upgrade guidance there seems to be a typo: https://www.debian.org/releases/trixie/release-notes/upgrading.en.html
    in 4.3.1. Adding APT Internet sources
    The archive is configured to be:
    Signed-By: /usr/share/keyrings/debian-archive-keyring.pgp
    But the correct line should be:
    Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
    Or am I missing something here?
    hede


    --- PyGate Linux v1.5.12
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
  • From Teemu Likonen@3:633/10 to All on Thursday, March 05, 2026 09:20:02
    * 2026-03-05 08:07:16+0100, hede wrote:
    in the upgrade guidance there seems to be a typo: https://www.debian.org/releases/trixie/release-notes/upgrading.en.html
    in 4.3.1. Adding APT Internet sources

    The archive is configured to be:
    Signed-By: /usr/share/keyrings/debian-archive-keyring.pgp
    But the correct line should be:
    Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
    The "pgp" extension is correct because it is about OpenPGP key
    (certificate) anyway. Program "gpg" (GnuPG) is an implementation of
    OpenPGP standard. In this case both file extensions work. Let's check
    the files:
    $ ls -l /usr/share/keyrings/debian-archive-keyring.*
    lrwxrwxrwx [...] /usr/share/keyrings/debian-archive-keyring.gpg -> debian-archive-keyring.pgp
    -rw-r--r-- [...] /usr/share/keyrings/debian-archive-keyring.pgp
    --
    /// Teemu Likonen - .-.. https://www.iki.fi/tlikonen/
    // OpenPGP: DD3B8E8ABD28B98176E6A7CCCC9A5E615FCC1D93
    / old key: 6965F03973F0D4CA22B9410F0F2CAE0E07608462


  • From hede@3:633/10 to All on Friday, March 06, 2026 16:50:01
    On 05.03.26 at 09:17, Teemu Likonen wrote:
    The "pgp" extension is correct because it is about OpenPGP key
    (certificate) anyway. Program "gpg" (GnuPG) is an implementation of
    OpenPGP standard. In this case both file extensions work. Let's check
    the files:

    $ ls -l /usr/share/keyrings/debian-archive-keyring.*
    lrwxrwxrwx [...] /usr/share/keyrings/debian-archive-keyring.gpg -> debian-archive-keyring.pgp
    -rw-r--r-- [...] /usr/share/keyrings/debian-archive-keyring.pgp

    That wasn't always the case. The filename extension changed recently
    with trixie. So especially for an upgrade guidance like here, with
    Debian bookworm at hand, the sane old default should be preferred.

    I had the case where an upgrade has broken following the guidance
    because there is no .pgp file while the .gpg file is present.

    And btw. the standard is OpenPGP not pgp.

    Ah, and btw: Please don't change things rashly because of emotions.
    Maybe there are currently some controversies in the gpg vs. OpenPGP world
    and some ppl tend to fight at places where they are mightful, but don't
    let other users suffer from premature changes. There's nothing wrong
    with having the .gpg extension in the upgrade guidance.

    And please, please do not add an updated package to old bookworm just to
    show us that .pgp is yet the one to get used here. That still will have several drawbacks...

    hede

  • From Teemu Likonen@3:633/10 to All on Saturday, March 07, 2026 07:50:01
    * 2026-03-06 10:18:42+0100, hede wrote:
    Ah, and btw: Please don't change things [...]
    And please, please do not add [...]
    This is Debian users' mailing list: we are users and talk about Debian
    usage and help each other. In my previous message I (a user) tried to
    help you (a user) to understand why .pgp is logical file extension for
    OpenPGP certificates (public keys).
    Better audience for your "please do not's" would be Debian developers
    and package maintainers. You could report a wishlist-tagged bug report
    for relevant packages: release-notes, debian-archive-keyring. This can
    be done with "reportbug" command.
    --
    /// Teemu Likonen - .-.. https://www.iki.fi/tlikonen/
    // OpenPGP: DD3B8E8ABD28B98176E6A7CCCC9A5E615FCC1D93
    / old key: 6965F03973F0D4CA22B9410F0F2CAE0E07608462


  • From hede@3:633/10 to All on Saturday, March 07, 2026 19:00:01

    Teemu Likonen <tlikonen@iki.fi> wrote:
    Ah, and btw: Please don't change things [...]
    And please, please do not add [...]
    If that's all that you can read in my mail (as you only quoted these irrelevant portions of my text), a good option would maybe be to save your breath and not answer at all.
    This is Debian users' mailing list
    Correct. And I asked other users and answered to users. So what's the problem here?
    Developers typically are also users so chances are high that also developers are present here. At least that's what I thought. And that's also the reason I included additional[sic] information in my mail, just in case. If you have no use for it, you can safely ignore it.
    Yet, if Debian developers really are no longer also users, this would indeed explain several things. *scnr*
    In my previous message I (a user) tried to
    help you (a user) to understand why .pgp is logical file extension for
    OpenPGP certificates (public keys).
    And my answer is that (and explained why) this is a bad idea in this case.
    Better audience for your "please do not's" would be Debian developers
    and package maintainers. You could report a wishlist-tagged bug report
    for relevant packages: release-notes, debian-archive-keyring. This can
    be done with "reportbug" command.
    That's a good point and already known to me. My intention was to pre-check if this really is a bug or if there is some better explanation. You indeed have a good explanation why this change probably was done in Debian and I even dropped a hint here why this happened now, but this explanation hardens my impression that this really is a bug in the release-notes.
    (in detail, the following commit just 6 days ago: https://salsa.debian.org/ddp-team/release-notes/-/commit/25a00766680d8131fc71f3ba3c502d3e87692fdf )
    Thanks
    hede


  • From hede@3:633/10 to All on Sunday, March 08, 2026 10:50:01
    "David Wright" deblis@lionunicorn.co.uk wrote on 8 March 2026 05:00:
    I don't understand why, when you upgraded to trixie, installing the
    new version of debian-archive-keyring didn't ensure that there
    was a .gpg file for every .pgp file in /usr/share/keyrings.
    After all, debian-archive-keyring is a dependency of apt.

    If you are in the process of upgrading bookworm to trixie then your current system obviously is not trixie, it's probably bookworm. With bookworm the file extension was .gpg and no .pgp-file is present. So if you change the apt sources file to check the keyring file with a .pgp-extension, there is no such file (as only the .gpg-file is present). Therefore no package installation is possible, as no signatures can be checked, hence you cannot update to the new debian-archive-keyring from trixie where the .pgp-files are present. A deadlock.

    (I still don't follow why you need two extensions for the same
    format.)

    There is no technical reason to do so, it is politics. But this is quite normal and hopefully will calm down anytime soon...

    Traditionally within Debian the filename extension was .gpg and technically the .gpg extension could be used forever. But there is some controversy in the PGP/OpenPGP/GnuPG-World. The IETF changes the OpenPGP standard in a way the GnuPG-guys, primarily the main developer, do not like. The result is some kind of a schism in the community with some of them on the one and some of them on the other side. Quite typical. The gnupg guys even forked the OpenPGP standard to LibrePGP. And the Debian maintainers, who are responsible here, are changing the filename extension from .gpg to .pgp. This obviously reflects that they are on the OpenPGP-side. Like I said, this is politics and quite normal in our world.
    hede
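
The deadlock described in the message above can be caught before running `apt update` by checking that every `Signed-By:` path in the deb822 sources files exists on the current system. This is an added example, not part of the original thread or of Debian's tooling; the function names, the `ROOT` argument and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report Signed-By keyring paths that do not exist yet.
# The ROOT argument (hypothetical) lets the check run against a constructed
# tree instead of the live system; call it with no argument to check "/".

# Print each missing keyring path; return 1 if any is missing.
check_signed_by() {
    root=${1:-}
    missing=0
    for src in "$root"/etc/apt/sources.list.d/*.sources; do
        [ -f "$src" ] || continue
        # Only path values are checked; fingerprints and inline keys are skipped.
        for key in $(sed -n 's|^[Ss]igned-[Bb]y:[[:space:]]*\(/.*\)$|\1|p' "$src"); do
            [ -e "$root$key" ] && continue
            echo "$src: missing $key"
            missing=1
            case $key in
                *.pgp)  # bookworm ships the same keyring with a .gpg name
                    alt="${key%.pgp}.gpg"
                    [ -e "$root$alt" ] && echo "  present instead: $alt" ;;
            esac
        done
    done
    return "$missing"
}

# Constructed sample: a bookworm-like tree that has only the .gpg keyring,
# with a sources file already edited to point at the .pgp name.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/apt/sources.list.d" "$t/usr/share/keyrings"
    : > "$t/usr/share/keyrings/debian-archive-keyring.gpg"
    cat > "$t/etc/apt/sources.list.d/debian.sources" <<'EOF'
Types: deb
URIs: https://deb.debian.org/debian
Suites: trixie
Components: main
Signed-By: /usr/share/keyrings/debian-archive-keyring.pgp
EOF
    echo "$t"
}

tree=$(make_sample_tree)
check_signed_by "$tree" || echo "Signed-By points at a keyring that is not installed"
rm -rf "$tree"
```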

  • From Teemu Likonen@3:633/10 to All on Sunday, March 08, 2026 14:50:01
    * 2026-03-08 09:46:23+0000, hede wrote:
    If you are in the process of upgrading bookworm to trixie then your
    current system obviously is not trixie, it's probably bookworm. With
    bookworm the file extension was .gpg and no .pgp-file is present. So
    if you change the apt sources file to check the keyring file with a .pgp-extension, there is no such file (as only the .gpg-file is
    present). Therefore no package installation is possible, as no
    signatures can be checked, hence you cannot update to the new debian-archive-keyring from trixie where the .pgp-files are present. A deadlock.
    That is indeed a bug in the release notes for Debian 12 to 13 upgrade.
    The notes should be compatible with the previous Debian version's setup.
    The release bug is worth fixing because there are probably still lots of
    Debian 12 systems to be upgraded. It has been reported as: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129662
    Luckily this bug does not apply anymore to the next version of the
    notes, for Debian 13 to 14 upgrade. So its importance lessens all the
    time. I hope the current notes are fixed, though.
    --
    /// Teemu Likonen - .-.. https://www.iki.fi/tlikonen/
    // OpenPGP: DD3B8E8ABD28B98176E6A7CCCC9A5E615FCC1D93
    / old key: 6965F03973F0D4CA22B9410F0F2CAE0E07608462


  • From Andy Smith@3:633/10 to All on Sunday, March 08, 2026 17:20:01
    Hi,

    On Sun, Mar 08, 2026 at 09:46:23AM +0000, hede wrote:
    Traditionally within Debian the filename extension was .gpg and
    technically the .gpg extension could be used forever.

    [...]

    the Debian maintainers, which are responsible here, are changing the
    filename extension from .gpg to .pgp. This obviously reflects that
    they are on the OpenPGP-side. Like I said, this is politics and quite
    normal in our world.

    Isn't it more the case that, rather than being a petty action, this is
    because the Debian tools will not use gpg for this any more and gpg
    would not work, as it's specifically the Sequoia implementation of
    OpenPGP they are switching to?

    I have not studied the matter deeply and just trust Debian's own tools
    to continue working with Debian's infrastructure, but I was aware of the
    schism and Debian choosing Sequoia because of the divergence. Apologies
    if I have misunderstood.

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting
