Bug#26909: Uploaded dpkg 1.4.0.28 (source i386 all) to master
Package: dpkg-dev
Version: 1.4.0.28
Severity: important
Hi,
>>"J" == J H M Dassen <jdassen@wi.leidenuniv.nl> writes:
J> On Fri, Sep 18, 1998 at 06:52:16PM +0200, Wichert Akkerman wrote:
>> Previously jdassen@wi.leidenuniv.nl wrote:
>> > * Added gpg (GNU Privacy Guard) support:
>> > * scripts/buildpackage.sh: default to GPG (unless no GPG, but only
>> > a PGP secret key file is found), as GPG, unlike PGP, is DFSG-free.
>> Please reconsider this: this would mean all packages will be rejected
>> since dinstall doesn't support GPG yet.
I think this is a important, if not grave, bug in dpkg. Any
move of this magnitude should be discussed, possibly written into
policy, and care should be taken that the rest of the system is ready
for it.
Secondly, gpg is not yet stable enough to be used in general;
I think we are jumping the gun with this.
J> I've made patches for this; they're either already in Guy's mailbox, or will
J> be soon.
That is not good enough. Until dinstall is in place, the
default should be with pgp. As such, dpkg is broken.
>> I understand you feel we should use DFSG-free software (and agree), but I
>> think you are going a bit too fast here.
J> If GPG signing cannot be done, the code falls back to using PGP. If GPG
J> signing can be done, but you wish to use PGP signing, you can use the
J> argument "-ppgp -spgp".
I have a gpg key that I am using to play with gpg (so I do
have a basis for my judgement that gpg is not yet ready for
prime-time).
dpkg should not make changes of this magnitude without
discussion and approval of the policy group.
I must say I am getting concerned about the numerous NMU's for
a package as important as dpkg, and such ill considered changes are
rather the last straw. Ian mentoned recently that dpkg has come to
the top of his list of things to do, perhaps he should rein in all
these NMU's floating around?
manoj
--
The mother of the year should be a sterilized woman with two adopted
children. Paul Ehrlich
Manoj Srivastava <srivasta@acm.org> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
Reply to: