[pkg-gnupg-maint] Bug#872368: gpgme: please adjust libgpgme11 dependency on gnupg package

[Pierre Ynard]

> Do you really think it's a violation of debian policy that gpgme
> explicitly Depends on the full gnupg suite?

I'm not sure, I suppose policy arbitration is a bit outside of my
skills. I think what's going on goes against the policy, and the current
state prevents any flexibility to handle the situation differently
through other means, such as package manager preferences or dependency
on higher level applications. I mentioned a few access libraries
above, I imagine for example libpulse0 on its own provides even less
functionality than libgpgme11 - that is, it allows binaries dynamically
linked against its shared object to load, and that's about it - yet
it merely has a Suggests: pulseaudio. It seems to me that quite a few
access libraries that are depended on due to dynamic link, work on that
same model.

> Would the following change satisfy your concerns?

Yes.

> Would you be willing to look out for (and help respond to) any bug
> reports that debian receives about users of gpgme (including, but not
> limited to, mutt users) who can no longer use their secret keys as
> expected?

No, and anyway I really don't have the expertise for it.

Is there any upgrade path that could unwittingly leave a user in this
situation? I don't think there was any "gpg" package before in a
release? Perhaps it would be better to put gnupg in Recommends too, is
that possible?

-- 
Pierre Ynard
"Une âme dans un corps, c'est comme un dessin sur une feuille de papier."