[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Uploaded dpkg (source i386 all) to master

[Not Cc-ed to the BTS as I don't know the bug number yet]

On Mon, Sep 21, 1998 at 01:55:48PM -0500, Manoj Srivastava wrote:
[GPG support for dpkg]
> 	I think this is a important, if not grave, bug in dpkg. Any
>  move of this magnitude should be discussed, possibly written into
>  policy, and care should be taken that the rest of the system is ready
>  for it. 

I believed there to be concensus that GPG support was a good thing, and
ought to be implemented ASAP. (For instance, some people can't currently
develop Debian packages as they refuse to use PGP because of non-freeness).

> 	That is not good enough. Until dinstall is in place, the
>  default should be with pgp. As such, dpkg is broken.

You might want to remove this version of dpkg from Incoming then.

I consider this a problem with dinstall, rather than dpkg. Dpkg now defaults
to a using a free software package for signing source and binary packages;
free software is what Debian is about.

>  J> If GPG signing cannot be done, the code falls back to using PGP. If GPG
>  J> signing can be done, but you wish to use PGP signing, you can use the
>  J> argument "-ppgp -spgp".
> 	I have a gpg key that I am using to play with gpg (so I do
>  have a basis for my judgement that gpg is not yet ready for
>  prime-time). 

I'm using gpg too; while it is not flawless, it is usable in my opinion.

> 	dpkg should not make changes of this magnitude without
>  discussion and approval of the policy group.

The issue of supporting GPG has come up in a "release goals" discussion;
there seemed to be no significant objections.

> 	I must say I am getting concerned about the numerous NMU's for
>  a package as important as dpkg, and such ill considered changes are
>  rather the last straw. Ian mentoned recently that dpkg has come to
>  the top of his list of things to do, perhaps he should rein in all
>  these NMU's floating around?

I'd like to see Ian take control of dpkg again. Prior to uploading this dpkg
NMU I asked him whether he'd mind my changes; he didn't.

Obsig: developing a new sig

Reply to: