Re: Bug#897642: RFS: gpgme1.0/1.11.1-1~bpo9+1
[Reduced the CC list]
Hello Roger,
Am 20.09.18 um 02:53 schrieb Roger Shimizu:
> And I'm not the maintainer of src:gnupg2. I just want to help
> Bug#906545, and upstream maintainer says patching stable version may
> be hard and backport may be easier.
>
> backports should be no harm since it uses ~bpo in version.
> So it's still feasible if pkg maintainer and release team decide to
> include a new major version into point release.
yes and no.
Technically it's no problem to provide gnupg2 through backports, the
downside is that users need to act here proactively and install this
package with some extra knowledge.
It's not that I'm against this, providing a package by backports is in
my eyes even better than providing nothing and pushing people to use
usptream releases directly (like enigmail e.g. for now).
...
> Did you report this situation to release team?
> I think if it's necessary and release team agree, gnupg2 maintainer
> can certainly help.
No, I haven't talked to the release team, I'm mostly in contact with the
security team by my involvement due the thunderbird package. And we did
have some conversation together with dkg as one of the maintainers of
enigmail and gnupg2. dkg has summarized the current problem with
enigmail and gnupg2 in #909000.
I'm the wrong person to make a judgment for doing a backport of gnupg2,
if ever one can something to this than this is Daniel or Eric. So in my
eyes it's better to ask the original package maintainer, maybe Daniel is
fine with an upload of gnupg2 to backports? And if yes it's probably
also o.k. then to upload a recent enigmail version to backports
afterwards. In the future it's later always possible to provide a newer
version through stable-security.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909000#15
--
Regards
Carsten Schoenert
Reply to: