Am Mittwoch, den 16.04.2008, 14:19 +0200 schrieb Kai Wasserbäch: > on the 1st of April I wrote an e-mail to James Troup offering my help in > hunting > down open bugs which are no longer present an thus enabling him to concentrate > on packaging GnuPG 1.4.9. But his last action regarding this package is well > over an year old and the only updates I can see in the PTS were made by the > Security Team. And before I forget to write it: I didn't receive an answer. > So my question is: Is James known to be inactive? Are there others currently > on > the task to get a new version (upstream has 1.4.9) into Debian?
I tried to get into it after I found, that several issues were fixed. You can find some tagging and commenting by my person at the BTS. But for known reasons (told it on the planet), I'm currently busy and offline. However: We should REALLY give more love to this package. I mean, there is a very active and helpful upstream, but an inactive maintenance which lead to >130 open bug report. I don't think, that upstream will keep up taking care of bug reports in the Debian BTS with this amount of reports. We should try to track down issues and decrease the amount of open bug reports to keep the good relationship to upstream. I hope, you understand, what I want to say. I mean: having such an upstream is a very fortunate situation. > Is there > anything I can help (I'm certainly not suitable as a maintainer for that > package > myself, because it's too essential to be entrusted to someone who is unknown > to > (nearly) all people on this list) with, e.g. by triaging bugs? > > Should this question already have been discussed somewhere, please point me > to it. Here is, what I found out yet after a short look (just a c&p): *** Main: 452118: new upstream release *** Fixed in 1.4.7 and newer: 201589: Removed shutdown code in util/http.c and fix http_proxy (739) 402592: Limit bytes read for an unknown alogorithm 412508, 420613: Build changes to fully evaluate paths 431828: Decrypt multiple files and not just the first *** Maybe fixed 1.4.7 and newer: ... *** Fixed in older releases: 72148: will deadlock with no timeout if keyserver cannot close socket (151) 137381: http_proxy support (361) 146345: gnupg: Can't restrict access to secring.gpg (--enable-selinux-support) *** Maybe fixed in older releases (needs to be verified): 166794, 172823: --search leads to segfault *** Forward candidates: 58260, 317654: remove existing lockfiles *** Wontfix candidates (upstream rejected without final notice or candidate): 310805: gnupg: fully exportable armored homedir is completely impossible now! 162742: gnupg: Please handle "deprecated option honor-http-proxy" *** Close candidate (upstream rejected change): 185782: `--batch --output existingfile' outputs nothing and exits 0 196681: gnupg: gpg says /dev/[EMAIL PROTECTED] isn't a valid email address *** Maybe is addressed (patch exists somehow and somewhere): 262467: 16_min_privileges breaks gpg on kernels without capabilities *** Maybe should be addressed: 130363: gnupg: Duplicate key is handled as error (upstream) 133923: gnupg: Reports bug on --list-keys *** Debian package related (to fix with update): 357267: conditional libcap-dev dependency 399092: debian/gzip.1 manpage 399167: ldap -> recommends 453122: not suid-root > Thank you in advance for your reply(s). HTH (will be back during mid of May and I'm willing to help) Regards, Daniel
