[pkg-gnupg-maint] Bug#872368: gpgme: please adjust libgpgme11 dependency on gnupg package

Pierre Ynard linkfanel at yahoo.fr
Wed Nov 29 20:48:01 UTC 2017


> Perhaps we need to consider shipping the same software (the full GnuPG
> suite) in a single, monolithic package.  That way, there won't be any
> "new packages" for people to be upset about.
> 
> The current package split is designed to try to accomodate people who
> really want a minimalist installation.  However, it appears that it is
> antagonizing those same people, so it might not be worth maintaining.
> Would you be happier if there were fewer binary packages?

I understand your efforts to offer flexibility, and the challenges
to get it to work right and the maintenance burden implied - and I
appreciate your looking into this.

However that sounds like a rather unfriendly proposition, especially
at this point. It essentially sounds like the same bloat would still
be there, except less visible, except people would just never know
about it, and so couldn't be upset about it. Also way to go solving
the problem of uninstallable packages by removing the option of having
separate packages to begin with... I was complaining about a lack of
freedom to choose what I don't want to install, and you make me an offer
for even less freedom and choice.

What antagonizes me is when I read in the changelog things that are for
my use case bloat creep. It only mildly antagonize me an upgrade prompts
for new extra packages; what really antagonize me is then when I look
into it and see no option out of it because of the dependency creep
hell.

> reasonable mail user agents are doing exactly that. Please see
> https://autocrypt.org/ for more discussion of this approach. If you
> would like to encourage the Mutt developers to consider the Autocrypt,
> that would be great!

What do you want me to reply... that I'm sorry for using an unreasonable
MUA, mutt, which must be making me out of touch from what encryption
should be?...

> As for "new services", there are *no* new services started by any of
> these packages on a standard debian system if the functionality is
> not requested. There are sockets opened by the user's systemd session
> manager, but the services themselves do not run unless someone tries
> to access them. If they try to access them, then presumably that
> implies that they want them installed, no?

No; that view is not very conservative. It could be a mistake or
something inadvertent from the user; an exploit attempt; a bug or a
corner case, a test gone wrong; or something enabled by the maintainer
or packager who decided it was best for the average user, that the
system administrator doesn't agree with.

> The fact is, libgpgme explicitly fails in many use cases if gpg-agent
> or dirmngr are not available. This partial, unpredictable failure is
> not acceptable for a library package.

I don't see how. That's normal error handling, and the very reason
for error handling. Every time I start vlc, the pulseaudio audio
output plugin is probed, and libpulse0 throws a failure because it
can't connect to the PulseAudio server, which is not installed on my
system. By that logic it would be unacceptable for libpulse0 to be
installed without the full pulseaudio, unacceptable for libsystemd0 to
be installed without a systemd init, unacceptable for libudev0 to be
installed without udev... Oh the tyranny of pervasive access libraries,
imagine that.

> I see no reason to inflict this on users by default, which is what is
> likely to happen for anything using gpgme on debian if the library
> package does not explicitly depend on the full suite.

Besides my above comparison, how about the reason that it violates the
Debian policy?? I've brought it up several times in this thread already,
and nobody has denied it. Does nobody care about honoring the policy on
dependencies? You're making me depressed, it's like you're not listening
to me.

Regardless, once again, I've made several suggestions that would leave
them installed by default like you mentioned. Nobody has denied that it
would be a positive solution for everybody.

-- 
Pierre Ynard
"Une âme dans un corps, c'est comme un dessin sur une feuille de papier."



More information about the pkg-gnupg-maint mailing list