[Pkg-gnupg-maint] gnupg 2.1.0 in debian experimental

Eric Dorland eric at debian.org
Fri Nov 7 00:45:36 UTC 2014 

* Daniel Kahn Gillmor (dkg at fifthhorseman.net) wrote:
> hey folks--
> 
> i uploaded the 2.1.0 release of gnupg2 to debian experimental today.
> 
> here's my blog post about it:
> 
>  https://www.debian-administration.org/users/dkg/weblog/110

Thanks for all your work on this and publicizing it.

> The middle section of the blog post talks about the unfortunate timing
> for the debian freeze, and points out that i'm not currently seeking to
> put this package into jessie.
> 
> however, if other folks on the team are willing to consider supporting
> 2.1.x as gnupg2 for jessie instead of 2.0.x for gnupg2 for jessie, then
> i'd be willing to consider bringing it up to the release team.  This
> would mean we'd have a chance at being able to deal with ECC OpenPGP in
> jessie.
> 
> It's possible that the release team will say "no way", of course, and
> that will probably settle the matter.
> 
> What do y'all think?  Is this worth considering?  what are the tradeoffs?

My 0.02CAD is that trying to get gnupg 2.1 into jessie would be a bit
premature. Despite dropping the beta moniker 2.1 doesn't have a lot of
road miles on it and makes a lot of compatibility changes. Even the
release announcement for 2.1 says "GnuPG "stable" (2.0) is the
current stable version for general use". I think users are going to
need a bit more time to adjust and shake out more bugs.

I think the plan should be:

1. Until jessie is released, keep uploading to experimental.
2. Once we're unfrozen drop 2.1 into unstable and out to more people.
3. If #2 doesn't cause too many issues, push for 2.1 to become *the*
   gnupg package and move gpg 1.4 into a gnupg1 package for the jessie+1
   release.

There was a bug to make gnupg and gnupg2 export alternatives for
/usr/bin/gpg but I think given the backwards compatibility issues that
doesn't make sense anymore and we should just push the new version as
the default.

This plan does mean we'll have to support the 1.4, 2.0 (in stable) and
the 2.1 (in unstable) branches for the next two years, which is a
little painful. Werner appears to committing to supporting all 3
branches though for the time being so this shouldn't be too bad.

We can also always make backports for jessie for 2.1 if there's
interest.

-- 
Eric Dorland <eric at kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20141106/63e8837a/attachment.sig>

More information about the Pkg-gnupg-maint mailing list