[pkg-gnupg-maint] Don't ship gnupg1 with bullseye
Dominic Hargreaves
dom at earth.li
Tue Feb 2 10:00:42 GMT 2021
On Tue, Feb 02, 2021 at 10:26:55AM +0100, Julien Cristau wrote:
> On Tue, Feb 02, 2021 at 09:45:42AM +0100, Christoph Biedl wrote:
> > IMnsHO it's a bad idea to remove gnupg1 any time soon. While it
> > certainly should not be used for encryption, it's still needed when
> > dealing with older keys. Quoting the package description: "It is
> > provided mainly for people with the need to use archaic cryptographic
> > objects like PGPv3 keys to access archived messages."
> >
> > So unless it's really broken or likewise RC, it should be kept.
> >
> Agreed. It's great that no package uses it anymore, but that doesn't
> mean some users won't need it to deal with legacy bits.
If it is to stay in Debian indefinitely, I'd suggest we still
remove libgnupg-perl and drop support from libgnupg-interface-perl[1]
and libpgp-sign-perl. I'm more comfortable with it being there as a
standalone binary to be invoked by users to read old data than I am
having a programmatic interface being exposed. It sounds like we need
some more strong warnings about which part of the package should and
shouldn't be used, too (or is that already built into the binary?)
[1] Thanks Andrew for already doing the work for that!
More information about the pkg-gnupg-maint
mailing list