Re: Uploaded dpkg 1.4.0.28 (source i386 all) to master
[Not Cc-ed to the BTS as I don't know the bug number yet]
On Mon, Sep 21, 1998 at 01:55:48PM -0500, Manoj Srivastava wrote:
[GPG support for dpkg]
> I think this is a important, if not grave, bug in dpkg. Any
> move of this magnitude should be discussed, possibly written into
> policy, and care should be taken that the rest of the system is ready
> for it.
I believed there to be concensus that GPG support was a good thing, and
ought to be implemented ASAP. (For instance, some people can't currently
develop Debian packages as they refuse to use PGP because of non-freeness).
> That is not good enough. Until dinstall is in place, the
> default should be with pgp. As such, dpkg is broken.
You might want to remove this version of dpkg from Incoming then.
I consider this a problem with dinstall, rather than dpkg. Dpkg now defaults
to a using a free software package for signing source and binary packages;
free software is what Debian is about.
> J> If GPG signing cannot be done, the code falls back to using PGP. If GPG
> J> signing can be done, but you wish to use PGP signing, you can use the
> J> argument "-ppgp -spgp".
>
> I have a gpg key that I am using to play with gpg (so I do
> have a basis for my judgement that gpg is not yet ready for
> prime-time).
I'm using gpg too; while it is not flawless, it is usable in my opinion.
> dpkg should not make changes of this magnitude without
> discussion and approval of the policy group.
The issue of supporting GPG has come up in a "release goals" discussion;
there seemed to be no significant objections.
> I must say I am getting concerned about the numerous NMU's for
> a package as important as dpkg, and such ill considered changes are
> rather the last straw. Ian mentoned recently that dpkg has come to
> the top of his list of things to do, perhaps he should rein in all
> these NMU's floating around?
I'd like to see Ian take control of dpkg again. Prior to uploading this dpkg
NMU I asked him whether he'd mind my changes; he didn't.
Ray
--
Obsig: developing a new sig
Reply to: