[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Uploaded dpkg (source i386 all) to master

Package: dpkg-dev
Severity: important


>>"J" == J H M Dassen <jdassen@wi.leidenuniv.nl> writes:

 J> On Fri, Sep 18, 1998 at 06:52:16PM +0200, Wichert Akkerman wrote:
 >> Previously jdassen@wi.leidenuniv.nl wrote:
 >> >    * Added gpg (GNU Privacy Guard) support:
 >> >      * scripts/buildpackage.sh: default to GPG (unless no GPG, but only
 >> >        a PGP secret key file is found), as GPG, unlike PGP, is DFSG-free.

 >> Please reconsider this: this would mean all packages will be rejected
 >> since dinstall doesn't support GPG yet.

	I think this is a important, if not grave, bug in dpkg. Any
 move of this magnitude should be discussed, possibly written into
 policy, and care should be taken that the rest of the system is ready
 for it. 

	Secondly, gpg is not yet stable enough to be used in general;
 I think we are jumping the gun with this.

 J> I've made patches for this; they're either already in Guy's mailbox, or will
 J> be soon.

	That is not good enough. Until dinstall is in place, the
 default should be with pgp. As such, dpkg is broken.

 >> I understand you feel we should use DFSG-free software (and agree), but I
 >> think you are going a bit too fast here.

 J> If GPG signing cannot be done, the code falls back to using PGP. If GPG
 J> signing can be done, but you wish to use PGP signing, you can use the
 J> argument "-ppgp -spgp".

	I have a gpg key that I am using to play with gpg (so I do
 have a basis for my judgement that gpg is not yet ready for

	dpkg should not make changes of this magnitude without
 discussion and approval of the policy group.

	I must say I am getting concerned about the numerous NMU's for
 a package as important as dpkg, and such ill considered changes are
 rather the last straw. Ian mentoned recently that dpkg has come to
 the top of his list of things to do, perhaps he should rein in all
 these NMU's floating around?


 The mother of the year should be a sterilized woman with two adopted
 children. Paul Ehrlich
Manoj Srivastava  <srivasta@acm.org> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E

Reply to: