Bug#203741: apt-secure

To: Adam Heath <doogie@debian.org>
Cc: 203741@bugs.debian.org, Colin Walters <walters@verbum.org>, Isaac Jones <ijones@syntaxpolice.org>
Subject: Bug#203741: apt-secure
From: Matt Zimmerman <mdz@debian.org>
Date: Mon, 8 Sep 2003 13:54:08 -0400
Message-id: <[🔎] 20030908175408.GL18829@alcor.net>
Reply-to: Matt Zimmerman <mdz@debian.org>, 203741@bugs.debian.org
In-reply-to: <[🔎] Pine.LNX.4.44.0309081248440.26334-100000@gradall.private.brainfood.com>
References: <[🔎] 20030908141224.GD18829@alcor.net> <[🔎] Pine.LNX.4.44.0309081248440.26334-100000@gradall.private.brainfood.com>

On Mon, Sep 08, 2003 at 12:49:33PM -0500, Adam Heath wrote:

> On Mon, 8 Sep 2003, Matt Zimmerman wrote:
> 
> > I'm wary of a Depends: on gnupg, since apt is fully functional without it.
> > We should definitely ship some keys by default, but if we ship them in the
> > form of a gnupg keyring, rather than exported keys, I think we can avoid the
> > dependency and just copy the keyring into place (assuming that gnupg
> > keyrings are reasonably portable across versions).
> 
> Jason said years ago that he was going to add dlopen support to apt.  He never
> did.  If apt could suddenly load external modules, then apt-secure could be a
> separate deb, that depended on gpg, and debian-keyring.

The only part which actually invokes gpg is the gpgv method, which is
already in a separate binary from the rest of apt.  The trouble is that if
they don't have it installed, apt would not be able to verify any signatures
and would complain every time a package is to be installed.  Maybe it should
not even try to verify anything if it finds that gpg is not installed?

-- 
 - mdz

Reply to:

References:
- Bug#203741: apt-secure
  - From: Matt Zimmerman <mdz@debian.org>
- Bug#203741: apt-secure
  - From: Adam Heath <doogie@debian.org>

Prev by Date: Bug#203741: apt-secure
Next by Date: Sie haben eine Einladung erhalten! ID Ijweqeuy
Previous by thread: Bug#203741: apt-secure
Next by thread: Bug#203741: apt-secure
Index(es):
- Date
- Thread