On 2025-01-04 Sean Whitton <spwhit...@spwhitton.name> wrote: > On Mon 23 Dec 2024 at 01:17pm +01, Julian Andres Klode wrote: [...] >> The gpgv tool is no longer used by apt as of the 2.9.19 upload. >> It is the only thing left pulling in libgcrypt and whole bunch >> of GnuPG packages into a standard debootstrap.
>> I suggest demoting it to optional. I do not believe use of gpgv >> by users is super wide-spread that it warrants standard priority. > Generally it is helpful in bootstrapping situations to verify, e.g., > checksums for ISOs, and the like. > What do the gpg maintainers think? Hello, checking an installation medium's signature would happen before/instead of debootstrap so I do not see how that is relevant for keeping gpgv standard. In the longer term I hope to see a move to using a stateless interface for verification. Active gnupg users will install the gnupg metapackage which recommends gpgv so it will be installed anyway. I fail to see why gpgv's priority cannot be demoted. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
signature.asc
Description: PGP signature
