Re: Uploaded dpkg 1.4.0.28 (source i386 all) to master

To: srivasta@datasync.com
Cc: debian-devel@lists.debian.org
Subject: Re: Uploaded dpkg 1.4.0.28 (source i386 all) to master
From: jdassen@wi.leidenuniv.nl
Date: Mon, 21 Sep 1998 20:57:05 +0200
Message-id: <[🔎] 19980921205705.40885@wi.leidenuniv.nl>
In-reply-to: <[🔎] 87g1dlfg7f.fsf@tiamat.datasync.com>; from Manoj Srivastava on Mon, Sep 21, 1998 at 01:55:48PM -0500
References: <E0zL4SD-00068m-00@penguin.wi.leidenuniv.nl> <[🔎] 19980918185216.B20426@wiggy.ml.org> <[🔎] 19980921160403.57922@wi.leidenuniv.nl> <[🔎] 87g1dlfg7f.fsf@tiamat.datasync.com>

[Not Cc-ed to the BTS as I don't know the bug number yet]

On Mon, Sep 21, 1998 at 01:55:48PM -0500, Manoj Srivastava wrote:
[GPG support for dpkg]
> 	I think this is a important, if not grave, bug in dpkg. Any
>  move of this magnitude should be discussed, possibly written into
>  policy, and care should be taken that the rest of the system is ready
>  for it. 

I believed there to be concensus that GPG support was a good thing, and
ought to be implemented ASAP. (For instance, some people can't currently
develop Debian packages as they refuse to use PGP because of non-freeness).

> 	That is not good enough. Until dinstall is in place, the
>  default should be with pgp. As such, dpkg is broken.

You might want to remove this version of dpkg from Incoming then.

I consider this a problem with dinstall, rather than dpkg. Dpkg now defaults
to a using a free software package for signing source and binary packages;
free software is what Debian is about.

>  J> If GPG signing cannot be done, the code falls back to using PGP. If GPG
>  J> signing can be done, but you wish to use PGP signing, you can use the
>  J> argument "-ppgp -spgp".
> 
> 	I have a gpg key that I am using to play with gpg (so I do
>  have a basis for my judgement that gpg is not yet ready for
>  prime-time). 

I'm using gpg too; while it is not flawless, it is usable in my opinion.

> 	dpkg should not make changes of this magnitude without
>  discussion and approval of the policy group.

The issue of supporting GPG has come up in a "release goals" discussion;
there seemed to be no significant objections.

> 	I must say I am getting concerned about the numerous NMU's for
>  a package as important as dpkg, and such ill considered changes are
>  rather the last straw. Ian mentoned recently that dpkg has come to
>  the top of his list of things to do, perhaps he should rein in all
>  these NMU's floating around?

I'd like to see Ian take control of dpkg again. Prior to uploading this dpkg
NMU I asked him whether he'd mind my changes; he didn't.

Ray
-- 
Obsig: developing a new sig

Reply to:

Follow-Ups:
- Re: Uploaded dpkg 1.4.0.28 (source i386 all) to master
  - From: Manoj Srivastava <srivasta@datasync.com>
- Re: Uploaded dpkg 1.4.0.28 (source i386 all) to master
  - From: Joseph Carter <knghtbrd@earthlink.net>

References:
- Re: Uploaded dpkg 1.4.0.28 (source i386 all) to master
  - From: Wichert Akkerman <wakkerma@debian.org>
- Re: Uploaded dpkg 1.4.0.28 (source i386 all) to master
  - From: jdassen@wi.leidenuniv.nl
- Re: Uploaded dpkg 1.4.0.28 (source i386 all) to master
  - From: Manoj Srivastava <srivasta@datasync.com>

Prev by Date: Re: Uploaded dpkg 1.4.0.28 (source i386 all) to master
Next by Date: Re: Why do we need lshell?
Previous by thread: Re: Uploaded dpkg 1.4.0.28 (source i386 all) to master
Next by thread: Re: Uploaded dpkg 1.4.0.28 (source i386 all) to master
Index(es):
- Date
- Thread