[pkg-gnupg-maint] responsibility for libgcrypt and libksba
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Apr 14 01:26:43 UTC 2015
Hi Debian GnuPG and GnuTLS packaging teams--
I just did a review of GnuPG dependencies in debian, and i notice that
the GnuTLS packaging team has taken responsibility for libgcrypt and
libksba.
However, modern versions of GnuTLS don't use libksba or libgcrypt, since
GnuTLS switched to nettle for its cryptoprimitives.
I don't know that we have the bandwidth to maintain many more complex
package in the GnuPG packaging team, but it does seem a bit odd that the
GnuTLS team is stuck maintaining these packages that they aren't using
direclty.
libksba in particular appears to *only* be used by GnuPG2 at this point.
Is there a way that we can collaborate on these packages usefully?
--dkg
PS i very much appreciate Andreas' prompt action on the security fix for
libksba recently!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20150413/6cf169c6/attachment.sig>
More information about the pkg-gnupg-maint
mailing list