Use pgp instead of gpg when referring to keyrings and pathnames (Closes: #1101418). Thanks to Guillem for the work put into this!

These keyrings and pathnames contain OpenPGP certificates, and are
not vendor specific, so naming them with an extension after GnuPG in
detriment to the other multiple OpenPGP implementations does not
promote the interoperability one would expect from that ecosystem.

Given that these files are API, and will have external references,
we add backwards compatibility symlinks for now for the .deb package
but hardlinks for now for the infrastructure (to not entangle these
changes), but which should be considered deprecated and should eventually
(in the future) be obsoleted and removed.

Makefile

@@ -1,17 +1,22 @@
 OUTPUT_MEMBER_KEYRINGS := \
-	output/keyrings/debian-keyring.gpg \
-	output/keyrings/debian-nonupload.gpg \
-	output/keyrings/debian-role-keys.gpg \
+	output/keyrings/debian-keyring.pgp \
+	output/keyrings/debian-nonupload.pgp \
+	output/keyrings/debian-role-keys.pgp \
 	# EOL
 
 OUTPUT_KEYRINGS := \
 	$(OUTPUT_MEMBER_KEYRINGS) \
-	output/keyrings/debian-maintainers.gpg \
-	output/keyrings/emeritus-keyring.gpg \
+	output/keyrings/debian-maintainers.pgp \
+	output/keyrings/emeritus-keyring.pgp \
+	# EOL
+
+OUTPUT_COMPAT_KEYRINGS := \
+	$(patsubst %.pgp,%.gpg,$(OUTPUT_KEYRINGS)) \
 	# EOL
 
 OUTPUT_FILES := \
 	$(OUTPUT_KEYRINGS) \
+	$(OUTPUT_COMPAT_KEYRINGS) \
 	output/sha512sums.txt \
 	output/README \
 	output/changelog \
@@ -19,8 +24,17 @@ OUTPUT_FILES := \
 
 all: $(OUTPUT_FILES)
 
-output/keyrings/%.gpg: %-gpg %-gpg/0x*
-	cat $*-gpg/0x* > $@
+output/keyrings/%.pgp: %-pgp %-pgp/0x*
+	cat $*-pgp/0x* > $@
+
+# FIXME: To have a smooth transition, for now we hardlink the keyrings, so
+# that we do not entangle the Debian infrastructure updates that would need
+# to cope with the symlinks, from the Debian packaging updates for the
+# archive. Once the infra is updated we can switch from the first command
+# to the second commented command.
+output/keyrings/%.gpg: output/keyrings/%.pgp
+	ln -f $< $@
+#	ln -sf $(<F) $@
 
 output/sha512sums.txt: $(OUTPUT_KEYRINGS)
 	cd output; sha512sum keyrings/* > sha512sums.txt
@@ -32,11 +46,11 @@ output/changelog: debian/changelog
 	cp debian/changelog output/
 
 output/openpgpkey: $(OUTPUT_MEMBER_KEYRINGS)
-	cd output && ../scripts/update-keyrings build-wkd debian.org keyrings/debian-keyring.gpg keyrings/debian-nonupload.gpg keyrings/debian-role-keys.gpg
+	cd output && ../scripts/update-keyrings build-wkd debian.org keyrings/debian-keyring.pgp keyrings/debian-nonupload.pgp keyrings/debian-role-keys.pgp
 
 test: all
 	./runtests
 
 clean:
-	rm -f output/keyrings/*.gpg output/sha512sums.txt output/README output/changelog output/keyrings/*~
+	rm -f output/keyrings/*.pgp output/keyrings/*.gpg output/sha512sums.txt output/README output/changelog output/keyrings/*~
 	rm -rf gpghome output/openpgpkey

README

@@ -11,8 +11,8 @@ Debian project maintains OpenPGP keyrings with keys of
 Debian developers.  This is the README for these keyrings.
 
 
-Background: OpenPGP and GnuPG
------------------------------
+Background: OpenPGP
+-------------------
 
 OpenPGP is a cryptographic standard that defines certificate formats,
 signature formats, and encryption formats.  For debian, we rely
@@ -20,19 +20,19 @@ heavily on the signature formats, and we keep our developers'
 credentials in OpenPGP certificate formats, aggregated into
 "keyrings", which are just concatenated files of OpenPGP certificates.
 
-These keyrings have a suffix of .gpg, reflecting our use of GnuPG (the
-GNU Privacy Guard), the most widely-used free software implementation
-of OpenPGP.
+These keyrings have a suffix of .pgp, reflecting our use of OpenPGP,
+while for now we provide backward compatibility symlinks with a .gpg
+suffix for historical reasons.
 
 Some older OpenPGP implementations used cryptography that is now
 considered weak, so we strongly encourage you to migrate to a strong
 (2048 bit or greater, current standard is 4096, RSA-based) OpenPGP
 key.
 
-Getting debian-keyring.gpg
+Getting debian-keyring.pgp
 --------------------------
 
-The current version of debian-keyring.gpg is always available via
+The current version of debian-keyring.pgp is always available via
 rsync from keyring.debian.org (module keyrings).
 
 There is also a (possibly slightly out-of-date) version available on
@@ -55,7 +55,7 @@ Using the debian-keyring with gpg
 
 Add these lines to the bottom of your ~/.gnupg/gpg.conf[1] file:
 
-keyring /usr/share/keyrings/debian-keyring.gpg
+keyring /usr/share/keyrings/debian-keyring.pgp
 
 GPG cannot modify keys in these root-owned files.  In order to edit or
 sign keys in the Debian keyring you will first need to import them to
@@ -143,22 +143,22 @@ somewhere in the subject line.
 What the keyrings are
 ---------------------
 
- o debian-keyring.gpg
+ o debian-keyring.pgp
 
     This is the canonical Debian Developers (DD) keyring.  Anyone who
     has a key in here is an uploading Debian Developer.
 
- o debian-maintainers.gpg
+ o debian-maintainers.pgp
 
    The keyring for Debian Maintainers (DM). Anyone who has a key in
    here is a Debian Maintainer.
 
- o debian-nonupload.gpg
+ o debian-nonupload.pgp
 
    This is the keyring for Debian Developers (nonuploading). Anyone
    who has a key in here is a nonuploading Debian Developer.
 
- o debian-role-keys.gpg
+ o debian-role-keys.pgp
 
     This is the keyring used to contain role account keys, such as
     "ftp-master" (it contains the key used to sign the Release files
@@ -171,7 +171,7 @@ the source package or on keyring.debian.org.  It is very strongly
 recommended that you do not use or rely on keys in these keyrings for
 verification purposes.
 
- o emeritus-keyring.gpg
+ o emeritus-keyring.pgp
 
     This is the keyring of emeritus developers; i.e. those who have
     resigned, retired, passed away or are otherwise inactive.

cheatsheets/keyring/adding_dm.txt

@@ -47,7 +47,7 @@ Adding a DM key
 
   $ gpg --export 6B1BAEC2CA5D4EA7439803612DCE3F2836D4E4F5 > /tmp/key
 
-  $ ./scripts/add-key /tmp/key debian-maintainers-gpg/
+  $ ./scripts/add-key /tmp/key debian-maintainers-pgp/
   (...)
       # A screen listing all of the applicant's signatures which are
       # in the Debian keyring appears. At very least, one DD should
@@ -58,7 +58,7 @@ Adding a DM key
       # E1C21845 
   Are you sure you want to update this key? (y/n)
   y
-  adding debian-maintainers-gpg/0x2DCE3F2836D4E4F5
+  adding debian-maintainers-pgp/0x2DCE3F2836D4E4F5
 
       # Note this addition in debian/changelog - Just make sure before
       # doing this you are not modifying an already uploaded changelog

cheatsheets/keyring/pulling_hkp_changes.txt

@@ -17,17 +17,17 @@ commit them at some point soon.
 
 So, to import the HKP updates, we pull the keyrings first from:
 
-    kaufmann.debian.org:/srv/keyring.debian.org/keyrings-new/debian-{keyring,nonupload,maintainers}.gpg
+    kaufmann.debian.org:/srv/keyring.debian.org/keyrings-new/debian-{keyring,nonupload,maintainers}.pgp
 
 and second, from:
 
-    kaufmann.debian.org:/srv/keyring.debian.org/pending-updates/debian-{keyring,nonupload,maintainers}.gpg
+    kaufmann.debian.org:/srv/keyring.debian.org/pending-updates/debian-{keyring,nonupload,maintainers}.pgp
 
-$ scp kaufmann.debian.org:/srv/keyring.debian.org/keyrings-new/debian-{keyring,nonupload,maintainers}.gpg .
-debian-keyring.gpg        100%   30MB   2.5MB/s   00:12    
-debian-maintainers.gpg	  100% 1058KB 529.1KB/s   00:02    
-debian-maintainers.gpg	  100%   48KB  59.6KB/s   00:00    
-$ for i in keyring nonupload maintainers; do ./scripts/pull-updates debian-${i}.gpg debian-${i}-gpg/
+$ scp kaufmann.debian.org:/srv/keyring.debian.org/keyrings-new/debian-{keyring,nonupload,maintainers}.pgp .
+debian-keyring.pgp        100%   30MB   2.5MB/s   00:12    
+debian-maintainers.pgp	  100% 1058KB 529.1KB/s   00:02    
+debian-maintainers.pgp	  100%   48KB  59.6KB/s   00:00    
+$ for i in keyring nonupload maintainers; do ./scripts/pull-updates debian-${i}.pgp debian-${i}-pgp/
 (...a long list of keys later...)
 Updated keys are:
 0x8351C3C268AC5746  0xE5273D986BE3C423  0xED1A3933B2CFCDD8

cheatsheets/keyring/removing_dd_key.txt

@@ -8,7 +8,7 @@ Some more verbosity would not hurt... Anyway, little is better than none.
 | # Deal with RT #142
 | # Straightforward resignation, debian-private mail confirmed,
 | # move key to emeritus
-| ./script/move-key 0xFCF6DD4539CCF0C7 emeritus-keyring-gpg/
+| ./script/move-key 0xFCF6DD4539CCF0C7 emeritus-keyring-pgp/
 
 The move-key script will move the key from any of the active keyrings
 it is currently located on.
@@ -33,4 +33,4 @@ Move 0xFCF6DD4539CCF0C7 (Akira TAGOH) to emeritus (RT #142)
 
 Eventually, the MIA team comes up with a list of people not answering
 to the WAT ping (Where Are They?). The main difference for us is that,
-instead of moving the key to emeritus-keyring-gpg, it is removed entirely.
+instead of moving the key to emeritus-keyring-pgp, it is removed entirely.

cheatsheets/keyring/updating_dd_key.txt

@@ -77,10 +77,10 @@ Updating a DD key
   0xFCB0BB5C5F1FBF70 Giovanni Mascellani <gio>
       # Old keys are removed from the repository.
 
-  $ git rm debian-keyring-gpg/0xFCB0BB5C5F1FBF70
-  rm 'debian-keyring-gpg/0xFCB0BB5C5F1FBF70'
+  $ git rm debian-keyring-pgp/0xFCB0BB5C5F1FBF70
+  rm 'debian-keyring-pgp/0xFCB0BB5C5F1FBF70'
 
-  $ ./scripts/add-key /tmp/key debian-keyring-gpg/
+  $ ./scripts/add-key /tmp/key debian-keyring-pgp/
       # A screen listing all of the requester's signatures which are
       # in the Debian keyring appears. At very least, two DD should
       # have signed his key, unless specific reasons
@@ -91,7 +91,7 @@ Updating a DD key
       # it. 
   Are you sure you want to update this key? (y/n)
   y
-  adding debian-keyring-gpg/0x9EDCC991D9AB457E
+  adding debian-keyring-pgp/0x9EDCC991D9AB457E
   Enter full name of new key: Giovanni Mascellani
   Enter Debian login of new key: gio