[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: GnuPG: Maintainer inactive?

Am Mittwoch, den 16.04.2008, 14:19 +0200 schrieb Kai Wasserbäch:

> on the 1st of April I wrote an e-mail to James Troup offering my help in hunting
> down open bugs which are no longer present an thus enabling him to concentrate
> on packaging GnuPG 1.4.9. But his last action regarding this package is well
> over an year old and the only updates I can see in the PTS were made by the
> Security Team. And before I forget to write it: I didn't receive an answer.
> So my question is: Is James known to be inactive? Are there others currently on
> the task to get a new version (upstream has 1.4.9) into Debian?

I tried to get into it after I found, that several issues were fixed.
You can find some tagging and commenting by my person at the BTS. But
for known reasons (told it on the planet), I'm currently busy and

However: We should REALLY give more love to this package. I mean, there
is a very active and helpful upstream, but an inactive maintenance which
lead to >130 open bug report. I don't think, that upstream will keep up
taking care of bug reports in the Debian BTS with this amount of
reports. We should try to track down issues and decrease the amount of
open bug reports to keep the good relationship to upstream. I hope, you
understand, what I want to say. I mean: having such an upstream is a
very fortunate situation.

> Is there
> anything I can help (I'm certainly not suitable as a maintainer for that package
> myself, because it's too essential to be entrusted to someone who is unknown to
> (nearly) all people on this list) with, e.g. by triaging bugs?
> Should this question already have been discussed somewhere, please point me to it.

Here is, what I found out yet after a short look (just a c&p):

*** Main:
452118: new upstream release

*** Fixed in 1.4.7 and newer:
201589: Removed shutdown code in util/http.c and fix http_proxy (739)
402592: Limit bytes read for an unknown alogorithm
420613: Build changes to fully evaluate paths
431828: Decrypt multiple files and not just the first

*** Maybe fixed 1.4.7 and newer:

*** Fixed in older releases:
 72148: will deadlock with no timeout if keyserver cannot close socket (151)
137381: http_proxy support (361)
146345: gnupg: Can't restrict access to secring.gpg (--enable-selinux-support)

*** Maybe fixed in older releases (needs to be verified):
172823: --search leads to segfault

*** Forward candidates:
317654: remove existing lockfiles

*** Wontfix candidates (upstream rejected without final notice or candidate):
310805: gnupg: fully exportable armored homedir is completely impossible now!
162742: gnupg: Please handle "deprecated option honor-http-proxy"

*** Close candidate (upstream rejected change):
185782: `--batch --output existingfile' outputs nothing and exits 0
196681: gnupg: gpg says /dev/null@alea isn't a valid email address

*** Maybe is addressed (patch exists somehow and somewhere):
262467: 16_min_privileges breaks gpg on kernels without capabilities

*** Maybe should be addressed:
130363: gnupg: Duplicate key is handled as error (upstream)
133923: gnupg: Reports bug on --list-keys

*** Debian package related (to fix with update):
357267: conditional libcap-dev dependency
399092: debian/gzip.1 manpage
399167: ldap -> recommends
453122: not suid-root

> Thank you in advance for your reply(s).

(will be back during mid of May and I'm willing to help)

Regards, Daniel

Reply to: