Hello, On Mon 29 Sep 2025 at 10:55pm +02, Paride Legovini wrote:
> Package: git-debpush > Version: 13.15 > Severity: normal > X-Debbugs-Cc: [email protected] > > Dear Maintainer, > > Please consider replacing the dependency on the gnupg metapackage > (Depends: gnupg) with a dependency on individual GnuPG tools (gpg > and possibly others, if needed). This will allow using git-debpush > with gpg-from-sq, which does not (and should not) provide gnupg. Interesting! I don't think we don't invoke gpg directly, but only via git. The description of bin:gpg says that bin:gpg won't be enough, because we need to make signatures, which is a secret key-involving operation. There are a large number of binary packages built by src:gnupg2. I'm not sure which we need to depend on, and I'm not sure how good a job our CI will do at telling us which are needed, because there are such a variety of user configurations. So help here would be appreciated. -- Sean Whitton
signature.asc
Description: PGP signature
