Help - One more Question

Question: I'm a software developer for linux and I want to use CAcert/openssl to distribute my packages with detached signatures, is this possible and why would I do this over PGP/GPG detached signatures?

I'll anwser the why part first, as that's reasonably easy. The short answer is it takes most of the key handling responsibilty away from you and/or your group. If you need to revoke your key for any reason (such as a developer leaving the project) it won't effect your ability to revoke the existing key or keys, and issue new ones.