[pkg-gnupg-maint] Bug#1091200: override: gpgv:utils/optional
Andreas Metzler
ametzler at bebt.de
Sat Jan 4 12:27:41 GMT 2025
On 2025-01-04 Sean Whitton <spwhitton at spwhitton.name> wrote:
> On Mon 23 Dec 2024 at 01:17pm +01, Julian Andres Klode wrote:
[...]
>> The gpgv tool is no longer used by apt as of the 2.9.19 upload.
>> It is the only thing left pulling in libgcrypt and whole bunch
>> of GnuPG packages into a standard debootstrap.
>> I suggest demoting it to optional. I do not believe use of gpgv
>> by users is super wide-spread that it warrants standard priority.
> Generally it is helpful in bootstrapping situations to verify, e.g.,
> checksums for ISOs, and the like.
> What do the gpg maintainers think?
Hello,
checking an installation medium's signature would happen
before/instead of debootstrap so I do not see how that is relevant for
keeping gpgv standard. In the longer term I hope to see a move to using
a stateless interface for verification.
Active gnupg users will install the gnupg metapackage which recommends
gpgv so it will be installed anyway.
I fail to see why gpgv's priority cannot be demoted.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20250104/33744e1d/attachment.sig>
More information about the pkg-gnupg-maint
mailing list