On Oct 23, Jonathan Dowland <jmtd@debian.org> wrote: > Both of Depends and Recommends in this case have drawbacks. It's a > matter of weighing them up and considering their likelyhoods on a case > by case basis. In this case, the maintainer must weigh the experience of > users who may install mutt without gnupg and get a compromised > experience, and how likely they are to hit that, versus the likelyhood > that a user would be significantly troubled by installing gnupg even if > they don't intend to use it; and in the latter case, factor in that we > do have a system for addressing that, equivs, as you point out. It's not just gnupg. gnupg depends on (among many other things) gpg-agent, which depends on pinentry, which used to pull in X libraries unless I remembered to manually install pinentry-curses first. It has always been a pain and it is not justified just to check the content of a maildir in a server. PGP-signed mail is an highly advanced feature, so I do not think that it is unreasonable to expect from users who want to use it to also install gnupg. > In the case of mutt&neomutt, both are configured to have PGP enabled by > default. With the default configuration, as soon as you read a > PGP-signed mail, you will hit the behaviour that requires gnupg > installed to function properly. Due to this, I don't think this No: it is also TOTALLY POINTLESS to even just automatically verify received emails because any result is meaningless unless the local user has manually configured local sources of trust. Which requires installing AND configuring gnupg, so again the user has to know about it. -- ciao, Marco
Attachment:
signature.asc
Description: PGP signature