[pkg-gnupg-maint] Bug#872368: gpgme: please adjust libgpgme11 dependency on gnupg package

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Aug 18 16:53:51 UTC 2017


Hi RjY--

On Fri 2017-08-18 13:51:29 +0100, RjY wrote:
> As a test I created an empty package to subvert the dependency and see
> if anything breaks. The control file was thus:
>
> Package: no-full-gnupg-install
> Maintainer: RjY <rjy at users.sourceforge.net>
> Architecture: all
> Version: 1
> Depends: gpg (>= 2.1.23-2)
> Recommends: gpg-agent (>= 2.1.23-2)
> Provides: gnupg (= 2.1.23-2)
> Description: No full GNUPG install
>  This package "provides" gnupg, to avoid libgpgme11
>  pulling in the full gnupg suite, until 872368 is fixed.
>
> This allowed installing only gpg and gpg-agent. So far, things still
> seem to be working as expected: mutt appears fine, I can still use gpg
> to encrypt/decrypt backups, and so on. It would still be good to get
> this fixed in src:gpgme, though!

This is a neat suggestion, but I'm not convinced it's a good idea.

In particular, if you don't have gpg-agent, you won't be able to do any
secret key operations.  If you don't have dirmngr, network access will
fail.

gpgme aims to support all of those things.  I *really* don't like the
idea of introducing those kinds of hard-to-debug failures.  Furthermore,
GnuPG upstream prefers that we *don't* ship a bunch of separate
packages; they see the whole thing as a suite.

So let me ask you more about your motivation with this bug report here
-- are you interested in having fewer packages installed?  less software
total?  smaller disk images?  something else?

The other package re-arrangement I've been flirting with on the gnupg2
source package is to go ahead and collapse *all* of the files shipped in
the binary packages together (with the exception of gpgv, which needs to
be separate and small for validation-only systems).  That would make a
single package, so there would only be one dependency from gpgsm.  It
would look less scary when you "apt install mutt", and it would be less
disk space (because of fewer copies of
/usr/share/doc/*/{copyright,changelog.gz,changelog.Debian.gz,etc…}).

Would that satisfy your goals?  If not, why not?

         --dkg