Hello, On Sat 04 Jan 2025 at 01:27pm +01, Andreas Metzler wrote:
> On 2025-01-04 Sean Whitton <spwhit...@spwhitton.name> wrote: >> On Mon 23 Dec 2024 at 01:17pm +01, Julian Andres Klode wrote: > [...] >>> The gpgv tool is no longer used by apt as of the 2.9.19 upload. >>> It is the only thing left pulling in libgcrypt and whole bunch >>> of GnuPG packages into a standard debootstrap. > >>> I suggest demoting it to optional. I do not believe use of gpgv >>> by users is super wide-spread that it warrants standard priority. > >> Generally it is helpful in bootstrapping situations to verify, e.g., >> checksums for ISOs, and the like. > >> What do the gpg maintainers think? > > Hello, > > checking an installation medium's signature would happen > before/instead of debootstrap so I do not see how that is relevant for > keeping gpgv standard. In the longer term I hope to see a move to using > a stateless interface for verification. > > Active gnupg users will install the gnupg metapackage which recommends > gpgv so it will be installed anyway. > > I fail to see why gpgv's priority cannot be demoted. Thanks for the feedback. The sort of situation I had in mind was where you have a Debian system and not much else and you are trying to bootstrap to more; having gpgv available can be helpful. Anyway, I'll go ahead with the demotion. -- Sean Whitton
signature.asc
Description: PGP signature
