Your message dated Fri, 25 Sep 2009 11:47:12 +0000
with message-id <e1mr9ga-00043z...@ries.debian.org>
and subject line Bug#545275: fixed in gnupg 1.4.10-2
has caused the Debian Bug report #545275,
regarding priority important package depending on optional one.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
545275: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545275
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gnupg
Version: 1.4.10-1
Severity: serious
Hello,
the new gnupg now *depends* on libcurl3-gnutls. gnupg is priority
important and a part of base system since debian-archive-keyring
depends on it. (On a sidenote I am wondering whether splitting gpg
and gpgv still makes sense if apt requires the full gnupg package
anyway for apt-key.)
libcurl3-gnutls is only priority optional, breaking policy 2.5. Which
makes this a rc bug. I am reporting this against gnupg instead of
ftp.debian.org since I am not sure about the proper workaround.
There are two ways to fix this:
#1 Bump libcurl3-gnutls priority. libcurl3-gnutls itself depends on
ca-certificates (optional) which again depends on openssl (optional).
I am pretty sure we do not want to bump openssl's priority,
libcurl3-gnutls should instead downgrade its dependency on
ca-certificates to a suggests.
#2 Get rid of gnupg's dependency on libcurl3-gnutls. This seems to
require quite a bit of effort. If gnupg is built with curl support it
is using curl even for hkp keyservers. You could perhapsr build gnupg
twice (once to get a gpgkeys_hkp without curl and then a second time
for gpgkeys_curl), but I have no idea whether this might actually
produce working binaries or a subtly broken configuration, it is not
something supported upstream.
OTOH you could downgrade libcurl3-gnutls
to a recommends, requiring installation of recommends for *any*
keyserver support. - I doubt people would love you for that.
The third posibilty is to stop linking against curl again, reopening
LP: #62864 and putting the decision off until upstream implents this
plan:
NEWS:
|Noteworthy changes in version 1.4.3 (2006-04-03)
[...]
| To force building the old pre-cURL keyserver helpers, use the
| configure option --enable-old-keyserver-helpers. [...] Note also that
| a future version of GnuPG will remove the old keyserver helpers
| altogether.
cu andreas
PS: cc-ing libcurl3-gnutls(at)packages.debian.org
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
--- End Message ---
--- Begin Message ---
Source: gnupg
Source-Version: 1.4.10-2
We believe that the bug you reported is fixed in the latest version of
gnupg, which is due to be installed in the Debian FTP archive:
gnupg-curl_1.4.10-2_i386.deb
to pool/main/g/gnupg/gnupg-curl_1.4.10-2_i386.deb
gnupg-udeb_1.4.10-2_i386.udeb
to pool/main/g/gnupg/gnupg-udeb_1.4.10-2_i386.udeb
gnupg_1.4.10-2.diff.gz
to pool/main/g/gnupg/gnupg_1.4.10-2.diff.gz
gnupg_1.4.10-2.dsc
to pool/main/g/gnupg/gnupg_1.4.10-2.dsc
gnupg_1.4.10-2_i386.deb
to pool/main/g/gnupg/gnupg_1.4.10-2_i386.deb
gpgv-udeb_1.4.10-2_i386.udeb
to pool/main/g/gnupg/gpgv-udeb_1.4.10-2_i386.udeb
gpgv_1.4.10-2_i386.deb
to pool/main/g/gnupg/gpgv_1.4.10-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 545...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thijs Kinkhorst <th...@debian.org> (supplier of updated gnupg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 25 Sep 2009 10:34:50 +0200
Source: gnupg
Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb
Architecture: source i386
Version: 1.4.10-2
Distribution: unstable
Urgency: low
Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-ma...@lists.alioth.debian.org>
Changed-By: Thijs Kinkhorst <th...@debian.org>
Description:
gnupg - GNU privacy guard - a free PGP replacement
gnupg-curl - GNU privacy guard - a free PGP replacement (cURL)
gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb)
gpgv - GNU privacy guard - signature verification tool
gpgv-udeb - minimal signature verification tool (udeb)
Closes: 545268 545275 546552
Changes:
gnupg (1.4.10-2) unstable; urgency=low
.
[ Thijs Kinkhorst ]
* Correct build issue when backporting to lenny, thanks Andreas Metzler
(closes: #545268).
.
[ Daniel Leidert ]
* debian/control: Added gnupg-curl package which ships the keyserver helper
tools built with libcurl. gnupg recommends this package.
(Build-Depends): Changed to generic libreadline-dev (see pkg-gnupg-maint
list 09/2009).
(Description): Adjusted for gnupg vs. gnupg-curl.
* debian/gnupg.doc-base.faq: Added to register the GnuPG FAQ with doc-base.
* debian/gnupg-curl.preinst,
debian/gnupg-curl.postrm: Added to add/remove the diversions for
gpgkeys_curl and gpgkeys_hkp.
* debian/rules: Added targets to build the gnupg binary and helper tools
explicitly with libcurl. Move the gpgkeys_curl and gpgkeys_hkp keyserver
tools built with libcurl into the gnupg-curl package.
(build-deb/config.status): Build the gnupg binary with the "curl shim"
variant and without libcurl, so we don't depend on packages with priority
lower important (closes: #545275).
(install): Delete /usr/share/info/dir.gz (closes: #546552).
(binary-arch): Add missing relevant ChangeLog files.
Checksums-Sha1:
11607b888e85ba2c0dadcd0311f6caef3254c074 1703 gnupg_1.4.10-2.dsc
7047f6937399b9dd924ac49887d2c5cdfa499416 23618 gnupg_1.4.10-2.diff.gz
02a73b79dbeefd495e86fd0a3dc291052370fe56 2089174 gnupg_1.4.10-2_i386.deb
ee09f941ce805dc1fff9ec70e2e88fda7e3e7609 71656 gnupg-curl_1.4.10-2_i386.deb
6b506f40bec397c7f7b36d929da634bd54cd7d78 201448 gpgv_1.4.10-2_i386.deb
6532e1b8e6065de86c9f9033af73eed84655348f 381224 gnupg-udeb_1.4.10-2_i386.udeb
7f5ca622f77ab185f2649933e5dda6f5cdcb0e3b 134062 gpgv-udeb_1.4.10-2_i386.udeb
Checksums-Sha256:
2d44ec72fb685cc85a203cc0249012557a140eed02ef9f1b9eaa4fe3424aff92 1703
gnupg_1.4.10-2.dsc
9dbc7657e25e9b887c36a730e23750fc829352c23c36c9821a91221bcb0c1b6f 23618
gnupg_1.4.10-2.diff.gz
7385a02f67aae5c8040da6ae688329a19ebe9002a59c951988cae73d4f3e8d19 2089174
gnupg_1.4.10-2_i386.deb
67a13cf58ae1e6debeda947eba100cea0ac9db514dbf4427a546d948e6282b7e 71656
gnupg-curl_1.4.10-2_i386.deb
8f04e4c1689d2b3dbd8dff491e5942eab4a7c96fd8775a4e410042a148915b9c 201448
gpgv_1.4.10-2_i386.deb
016c0c76d83f92cbab5086d1f2a6ba9008090fba3fe1d7031b109cd5004782b9 381224
gnupg-udeb_1.4.10-2_i386.udeb
56ce05ce2a31bdafc0e64fd0382cce93fecf850a97b5d5c2ca845ca7826d764a 134062
gpgv-udeb_1.4.10-2_i386.udeb
Files:
12d6a601862c3ca67f14eb78d8e2db7a 1703 utils important gnupg_1.4.10-2.dsc
4803815925ae3edbe723aa53358c7217 23618 utils important gnupg_1.4.10-2.diff.gz
c6d9554bbdff2e1ec21f81fb09d02f60 2089174 utils important
gnupg_1.4.10-2_i386.deb
376c9737400786c1ff6361e7da211b4b 71656 utils optional
gnupg-curl_1.4.10-2_i386.deb
11f82a94075cd76a93a48837d44cc639 201448 utils important gpgv_1.4.10-2_i386.deb
d27e3a0a6a41fd4bf5f8a1bf1ba7f02b 381224 debian-installer extra
gnupg-udeb_1.4.10-2_i386.udeb
c302dfd7d7e395bbd7e4c35a76c739b8 134062 debian-installer extra
gpgv-udeb_1.4.10-2_i386.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBCAAGBQJKvIWpAAoJECIIoQCMVaAcqccIAJgxNjFR018IWTlcJgk5cwbp
fmQPLohX9tf4vpaR57b4HgpjNIwMFbVb7o+YzeSJysSMBDrL7bxBr7Y7HjiVODus
KX7E8yMnEmFeMHgLYjPW7k2ApIYpZSc9/CvqvygWJFdIKRaPHJ2/6N45BwMEsiC1
9MBMTSKaPKKVyrukau65u6K8mnqf4FxuBjtJmsiLuckdOQ3XlmbIvmJv6thoX2/c
m4ryGURUuujoIER4XWDF4b1z/P08H9V3DDt+mBUSK02Q8IucQfrdVWIagaFdUVjU
YsMvennGshPCQxI2YJo8aassvilEt0edZoJCVyhWHzLqJ8CHbbeK4d52QXHLHDo=
=040j
-----END PGP SIGNATURE-----
--- End Message ---
