I had 5 ways forward, I picked #6
1) don't sign. That's generally only acceptable for private packages
2) Make whomever edited the changelog last create signed .deb and .dsc.
This seems like a pain for whomever is developing the packages
3) Change the changelog to a uid in the signing.key. I did not like
taking credit away from whomever SHOULD be in the changelog
4) Have the distributing person add the changelog email address as
an additional uid in their pgp key... this sounds like bad practice
to me.
5) Build the .deb package, break it apart, manually sign, and re-
archive. While possible, seemed prone to failure in corner
cases down the road...
6) Use -p option of pgp to point to a script removing the the
--local-user option that was forcing the .deb to be signed by
the last developer of the changelog, not the person generating
the distributions. This seemed best...
Does not handle the public key yet in Debian
