Thanks to Adam for your ongoing work on the stable releases!
I just wanted to clarify a few points here.
On Tue 2018-10-23 08:57:08 +0100, Adam D. Barratt wrote:
An issue is that the gnupg update itself doesn't really qualify for
stable-updates any more than it qualifies for stable-security. The
changes to gnupg itself are at best security improvements, which isn't
justification for forcing all stretch users to install the new version
as a matter of urgency - indeed, if the new version of enigmail
weren't
relying on new functionality no-one would be suggesting pushing gnupg
so
urgently - nor, I imagine, backporting all of the mentioned features.
I would be pushing for a stable point release for GnuPG at least for
the
cryptographic defaults refresh, and the series of minor bugfixes that
resolve outstanding problems.
If that's the case, then either debian's policies or practices need to
change, or debian needs to get a more capable maintainer for GnuPG who
can figure out how to effectively navigate or avoid what feels like a
buck-passing deadlock between two (maybe three)
overworked/underresourced teams. I welcome any help in that regard.