[pkg-gnupg-maint] Bug#1022702: Bug#1022702: I volunteer to maintain GnuPG and friends in the long-term

[Werner Koch]

Hi!

On Thu, 27 Jul 2023 15:24, NIIBE Yutaka said:

> - ... and default keyserver choice:
>   debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch

FWIW, if you need to change the default, the proper location is
/etc/gnupg/dirmngr.conf and not a source code patch.

> - And for the specific keyserver, there are local changes:
>   debian/patches/import-merge-without-userid/

Which breaks the gnupg policy and are harmful for the entire ecosystem.
There is a reason that we we use a syncing keyserver instead of the x-th
attempt to for a "verifying" keyserver onto PGP users.

> - Upstream deprecates systemd support, which was originally introduced
>   in Debian version.  Perhaps, we will need a Debian local patch for
>   this.

The problem here is that GnuPG has its own way to start its agents.
Using systemd activation here introduces races because you can't have
two (advisory) locking systems where each does not know about the other.
For an engineering POV we can't switch to socket activation for
portability reasons.  Keep in mind that the heaviest desktop users of
gpg are on Windows and we tried hard to keep changes as small as
possible.  That benefits all users: On Linux, AIX, *BSD and Windows.


Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20230727/f404e2f0/attachment.sig>