[pkg-gnupg-maint] Bug#1091200: override: gpgv:utils/optional
Sean Whitton
spwhitton at spwhitton.name
Sat Jan 4 18:03:11 GMT 2025
Hello,
On Sat 04 Jan 2025 at 01:27pm +01, Andreas Metzler wrote:
> On 2025-01-04 Sean Whitton <spwhitton at spwhitton.name> wrote:
>> On Mon 23 Dec 2024 at 01:17pm +01, Julian Andres Klode wrote:
> [...]
>>> The gpgv tool is no longer used by apt as of the 2.9.19 upload.
>>> It is the only thing left pulling in libgcrypt and whole bunch
>>> of GnuPG packages into a standard debootstrap.
>
>>> I suggest demoting it to optional. I do not believe use of gpgv
>>> by users is super wide-spread that it warrants standard priority.
>
>> Generally it is helpful in bootstrapping situations to verify, e.g.,
>> checksums for ISOs, and the like.
>
>> What do the gpg maintainers think?
>
> Hello,
>
> checking an installation medium's signature would happen
> before/instead of debootstrap so I do not see how that is relevant for
> keeping gpgv standard. In the longer term I hope to see a move to using
> a stateless interface for verification.
>
> Active gnupg users will install the gnupg metapackage which recommends
> gpgv so it will be installed anyway.
>
> I fail to see why gpgv's priority cannot be demoted.
Thanks for the feedback.
The sort of situation I had in mind was where you have a Debian system
and not much else and you are trying to bootstrap to more; having gpgv
available can be helpful.
Anyway, I'll go ahead with the demotion.
--
Sean Whitton
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 869 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20250104/cc19e331/attachment.sig>
More information about the pkg-gnupg-maint
mailing list