Hi Manuel and maintainers of debian-archive-keyring, On Fri 2015-10-09 13:09:13 +0100, Manuel A. Fernandez Montecelo wrote: > From DebConf, I got the imporession that we should start to move to > gnupg2, and even if not gnupg2 seems perfectly stable nowadays and > having to keep both installed seems unnecessary (I have to use v2 for > other reasons). > > This package depends on and recommends gnupg and gpg, so I think that > at least gnupg2 and gpgv2 should be added as an option.
As one of the debian maintainers of GnuPG, please *do not* depend on the
gnupg2 or gpgv2 packages. For one thing, the gnupg and gpgv packages
are shipping the modern version of GnuPG these days anyway (2.1.x), and
the gnupg2 and gpgv2 packages are dummy/transitional packages (with the
exception of offering a symlinked name for the binaries in question).
For another, i'm not convinced that debian-archive-keyring should
Recommend: gnupg at all.
I'm not even sure i understand why debian-archive-keyring Depends: gpgv
-- the package's goal is to provide the archive keyring to enable
OpenPGP validation, but the package itself doesn't appear to require
gpgv in any way. Presumably the packages that need to *do* OpenPGP
validation will Depend: gpgv (or whatever other OpenPGP validator tool
they prefer to use).
I recommend moving gpgv to Suggests: and and removing gnupg from the set
of dependencies entirely.
--dkg
signature.asc
Description: PGP signature
