[pkg-gnupg-maint] responsibility for libgcrypt and libksba

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Apr 14 01:26:43 UTC 2015

Hi Debian GnuPG and GnuTLS packaging teams--

I just did a review of GnuPG dependencies in debian, and i notice that
the GnuTLS packaging team has taken responsibility for libgcrypt and

However, modern versions of GnuTLS don't use libksba or libgcrypt, since
GnuTLS switched to nettle for its cryptoprimitives.

I don't know that we have the bandwidth to maintain many more complex
package in the GnuPG packaging team, but it does seem a bit odd that the
GnuTLS team is stuck maintaining these packages that they aren't using

libksba in particular appears to *only* be used by GnuPG2 at this point.

Is there a way that we can collaborate on these packages usefully?


PS i very much appreciate Andreas' prompt action on the security fix for
   libksba recently!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20150413/6cf169c6/attachment.sig>

More information about the pkg-gnupg-maint mailing list