Hi Pierre-- Thanks for continuing to engage constructively on this.
The GnuPG packaging split that happened in 2.1.21-4 (and the subsequent
packages added to support things like WKS) does indeed cause more things
to be pulled in by the explicit dependency on the "gnupg" package than
used to be the case.
On Wed 2017-11-29 21:48:01 +0100, Pierre Ynard wrote:
> how about the reason that it violates the Debian policy?? I've brought
> it up several times in this thread already, and nobody has denied it.
iiuc, your contention about debian policy is:
>> The policy states that hard dependencies are for when they're needed
>> to provide a significant amount of functionality. mutt provides
>> plenty of functionality already without the option to GPG-sign emails
>> and even without checking email signatures. So from that point of
>> view, it hardly seems appropriate that mutt pulls unconditionally the
>> whole GnuPG suite.
But please consider that policy governs immediate dependencies. That
is, it's not abouve whether *mutt* provides significant functionality
without GnuPG. It's about whether *libgpgme* provides significant
functionality.
libgpgme provides *no functionality* whatsoever if gpg is not installed.
Without gpg-agent or dirmngr, libgpgme cannot provide secret key
operations, which is clearly a "significant amount of functionality".
Do you really think it's a violation of debian policy that gpgme
explicitly Depends on the full gnupg suite?
> Regardless, once again, I've made several suggestions that would leave
> them installed by default like you mentioned. Nobody has denied that it
> would be a positive solution for everybody.
Would the following change satisfy your concerns? Would you be willing
to look out for (and help respond to) any bug reports that debian
receives about users of gpgme (including, but not limited to, mutt
users) who can no longer use their secret keys as expected?
diff --git a/debian/control b/debian/control
index f99a7401..429d2d9e 100644
--- a/debian/control
+++ b/debian/control
@@ -55,17 +55,20 @@ Description: GPGME - GnuPG Made Easy (development files)
Package: libgpgme11
Architecture: any
Multi-Arch: same
Pre-Depends:
${misc:Pre-Depends},
Depends:
- gnupg (>> 2) | gnupg2 (>> 2.0.4),
+ gnupg (>= 2.1.21-4) | gpg,
${misc:Depends},
${shlibs:Depends},
-Suggests:
- gpgsm (>> 1.9.6),
+Recommends:
+ dirmngr,
+ gpg-agent,
+ gpg-wks-client,
+ gpgsm,
Description: GPGME - GnuPG Made Easy (library)
GPGME is a wrapper library which provides a C API to access some of the
GnuPG functions, such as encrypt, decrypt, sign, verify, ...
.
This package contains the library.
Note that this will make backporting of libgpgme to older distributions
more difficult.
Regards,
--dkg
signature.asc
Description: PGP signature
