[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Focusing our efforts: Key packages


Am Samstag, den 20.06.2015, 15:28 +0200 schrieb Marcel Fourné:
> your approach seems sensible to sort-of make Debian hold a core of the
> packages on [h|st]ackage. I do not think Debian needs to contain every
> leaf package, but enough to enable bootstrapping from.

it doesn’t have to be a core, but it should be cruft-free.

> > This implies that we should remove all packages that are neither in
> > Stackage nor that are (used by) key packages.
> > 
> > I added support for such reasoning to the package plan, and marked a
> > few packages as key packages. This would currently imply that we can
> > remove these packages:
> >      * cryptonite
> Since the new version of tls will depend on cryptonite, it would be a
> waste to remove it. This also means it will soon be in the
> dependencies, leaving the drop list that way.

Thanks, marked as such.

> >      * ed25519
> I'm testing my own code against this and the new hackage-security will
> likely depend on this implementation, so I think there is enough merit
> to have it in Debian - even if only as a trust anchor. 

If you think so, please simply mark it as key. I do not thing that the
threshold for a package to be marked a key (or should we say "root"?)
needs to be high. It just needs to be a deliberate decision by someone.

> In the long run there will be a pure haskell implementation (working on
> it), but very likely this package may be useful for some time even
> after that. I have marked it as "key" and will care for it if the need
> arises.

Ah you already have? Great!

Joachim "nomeata" Breitner
Debian Developer
  nomeata@debian.org | ICQ# 74513189 | GPG-Keyid: F0FBF51F
  JID: nomeata@joachim-breitner.de | http://people.debian.org/~nomeata

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: