[Pkg-gnupg-maint] Bug#545275: priority important package depending on optional one.
Andreas Metzler
ametzler at downhill.at.eu.org
Sun Sep 6 07:47:28 UTC 2009
Package: gnupg
Version: 1.4.10-1
Severity: serious
Hello,
the new gnupg now *depends* on libcurl3-gnutls. gnupg is priority
important and a part of base system since debian-archive-keyring
depends on it. (On a sidenote I am wondering whether splitting gpg
and gpgv still makes sense if apt requires the full gnupg package
anyway for apt-key.)
libcurl3-gnutls is only priority optional, breaking policy 2.5. Which
makes this a rc bug. I am reporting this against gnupg instead of
ftp.debian.org since I am not sure about the proper workaround.
There are two ways to fix this:
#1 Bump libcurl3-gnutls priority. libcurl3-gnutls itself depends on
ca-certificates (optional) which again depends on openssl (optional).
I am pretty sure we do not want to bump openssl's priority,
libcurl3-gnutls should instead downgrade its dependency on
ca-certificates to a suggests.
#2 Get rid of gnupg's dependency on libcurl3-gnutls. This seems to
require quite a bit of effort. If gnupg is built with curl support it
is using curl even for hkp keyservers. You could perhapsr build gnupg
twice (once to get a gpgkeys_hkp without curl and then a second time
for gpgkeys_curl), but I have no idea whether this might actually
produce working binaries or a subtly broken configuration, it is not
something supported upstream.
OTOH you could downgrade libcurl3-gnutls
to a recommends, requiring installation of recommends for *any*
keyserver support. - I doubt people would love you for that.
The third posibilty is to stop linking against curl again, reopening
LP: #62864 and putting the decision off until upstream implents this
plan:
NEWS:
|Noteworthy changes in version 1.4.3 (2006-04-03)
[...]
| To force building the old pre-cURL keyserver helpers, use the
| configure option --enable-old-keyserver-helpers. [...] Note also that
| a future version of GnuPG will remove the old keyserver helpers
| altogether.
cu andreas
PS: cc-ing libcurl3-gnutls(at)packages.debian.org
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Pkg-gnupg-maint
mailing list