Control: tags -1 + pending On Tue, 2017-08-15 at 17:07 +0100, Adam D. Barratt wrote: > On 2017-08-15 15:37, Daniel Kahn Gillmor wrote: > > I'm not even sure i understand why debian-archive-keyring Depends: gpgv > > -- the package's goal is to provide the archive keyring to enable > > OpenPGP validation, but the package itself doesn't appear to require > > gpgv in any way. Presumably the packages that need to *do* OpenPGP > > validation will Depend: gpgv (or whatever other OpenPGP validator tool > > they prefer to use). > > > > I recommend moving gpgv to Suggests: and and removing gnupg from the > > set > > The dependency was added as part of the changes in d-a-k 2012.1: > > [ David Kalnischkies ]
For the record, I talked with David on IRC about this. When the dependency was originally added, apt did not depend on gpgv or gpg itself, as archive signing was very much optional, so d-a-k had to ensure that they were available directly. These days, apt has the required dependencies, so there's no need for them in d-a-k. I've therefore pushed the removal of the dependencies from the .deb package for the next upload. (The udeb has a Recommends on gpgv-udeb, but I don't know the installer environment well enough to be happy touching that right now.) Regards, Adam
