[pkg-gnupg-maint] Bug#911189: Bug#911189: gpgme-json packaging
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Aug 1 07:56:31 BST 2024
Hi Sébastian--
I understand your frustration -- it's a frustrating situation.
I've been the only one stepping up to make policy-style changes in the
past several years, and i'm overwhelmed by several things related to the
json interface:
- the technical complexity of the GnuPG architecture,
- the security implications of connecting GnuPG to your web browser, to
your overall session, and possibly to the network generally; and
- the fraught cryptographic decisions by GnuPG upstream about
interoperability (e.g., see https://dev.gnupg.org/T6481),
standards (e.g., see https://eprint.iacr.org/2024/1110), and
reliability (e.g., see https://dev.gnupg.org/T7137); and
- the overall hostility GnuPG has shown toward longtime contributors
and collaborators, including myself (it's challenging to work with a
hostile upstream!)
On Wed 2024-07-17 11:52:06 +0200, Sébastien Noel wrote:
> What are my options to improve things ?
If you'd like to join the team packaging GnuPG-related tooling for
Debian, that would be great!
The first step is probably to update the packaging of gpgme to 1.23.2,
which Andreas has prepared in salsa (currently on the branch
tmp-ametz-debian/experimental). Thank you Andreas! That work looks
solid to me, and i'd recommend moving it to the debian/experimental
branch.
Regards,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20240801/fb730972/attachment.sig>
More information about the pkg-gnupg-maint
mailing list