On Mon, 2018-11-12 at 15:16 -0500, Antoine Beaupré wrote: > Hi, > > So I've been looking at Enigmail again, after a long journey helping > people in stable getting that stuff fixed. It's pretty obvious there's > no way to upload that without first doing a GnuPG 2.1 backport into > jessie. > > That, it turns out, requires *four* more source package > backports. Fortunately for us, *all* of those are already in > jessie-backports. They would, unfortunately, probably need to be > uploaded straight into jessie-security, however, if only for > consistency's sake. > > That would mean, however, a more or less forced update on the following > libraries in jessie: > > * libassuan (part of GPG, 2.1 -> 2.4) > * libgcrypt20 (part of GnuTLS, 1.6 -> 1.7) > * libgpg-error (GPG, 1.17 -> 1.26) > * npth (GPG, 1.0 -> 1.3) > > How should we handle this? I haven't looked at each backport in detail > to see if ABI changes are significant, but the version numbers seem to > indicate they are not (for what that's worth of course). [...] Unless these are bug-fix-only updates, I don't think they are suitable for jessie-security. Would it be possible to bundle the libraries with gpg 2.1, and install them somewhere that doesn't conflict with the existing versions? Ben. -- Ben Hutchings No political challenge can be met by shopping. - George Monbiot
Attachment:
signature.asc
Description: This is a digitally signed message part