the way to enigmail: gnupg 2.1 backport considerations
Hi,
So I've been looking at Enigmail again, after a long journey helping
people in stable getting that stuff fixed. It's pretty obvious there's
no way to upload that without first doing a GnuPG 2.1 backport into
jessie.
That, it turns out, requires *four* more source package
backports. Fortunately for us, *all* of those are already in
jessie-backports. They would, unfortunately, probably need to be
uploaded straight into jessie-security, however, if only for
consistency's sake.
That would mean, however, a more or less forced update on the following
libraries in jessie:
* libassuan (part of GPG, 2.1 -> 2.4)
* libgcrypt20 (part of GnuTLS, 1.6 -> 1.7)
* libgpg-error (GPG, 1.17 -> 1.26)
* npth (GPG, 1.0 -> 1.3)
How should we handle this? I haven't looked at each backport in detail
to see if ABI changes are significant, but the version numbers seem to
indicate they are not (for what that's worth of course).
That said, with minor changes (to keep "gpg" pointing at the legacy 1.4
version, most notably), I've got a GPG 2.1 backport ready for jessie, at
the usual location:
https://people.debian.org/~anarcat/debian/jessie-lts/
I would very much welcome testing of this. There are still some clunky
things in there, for example critical lintian warnings I need to fix. I
haven't even tried to installed the thing yet, but I figured I would
share my work early and get feedback before going on a wild goose chase
after the dependencies.
Any feedback appreciated.
Thanks,
A.
--
For once you have tasted flight,
You will walk the earth with your eyes turned skyward;
For there you have been,
And there you long to return.
- Leonardo da Vinci
Reply to: