Marco d'Itri <m...@linux.it> writes:

> On Jan 14, Simon Josefsson <si...@josefsson.org> wrote:
>
>> I don't think it is a good idea to use the powers that come by being a
>> package maintainer or distribution to force changes of how some piece of
>> software is supposed to work by patching it without changing its name.
> We have been doing this since Debian exists, so I think that you will 
> have to express a much more articulate argument than "I don't think it 
> is a good idea".

Do you have earlier examples of Debian modifying upstream's desired wire
crypto-sensitive protocol in the way that is being done for GnuPG?
Maybe there are some older OpenSSH or OpenSSL patches like that.

>> And also please upload verbatim upstream GnuPG separately.  This allows
>> user choice.
> Why don't YOU do it, if you really care so much?
> As a project we have no moral or technical obligations to provide 
> choices that we do not personally care about.

I am hoping that the 'gnupg2' package could be altered towards that
goal, and that some sort of compromise with the GnuPG Debian maintainers
can be reached that providing a LibrePGP-compliant GnuPG in Debian is
acceptable.  I still have hope that this could happen.  But you are
right, it helps to do homework first.

I've filed an ITP for a 'gnupg24' source package, to allow more
substantiated discussion to proceed.

https://bugs.debian.org/1093026

I've set up the following repository, forking gnupg2's current Salsa git
debian/experimental repository, with the intent of minimizing it into
shipping a LibrePGP-compatible set of 'gpg' tools.

https://salsa.debian.org/debian/gnupg-24

I would prefer if this was team-maintained with the existing GnuPG
maintainers since they are the experts on GnuPG in Debian.

/Simon

Attachment: signature.asc
Description: PGP signature