On Mon 2018-11-12 15:16:39 -0500, Antoine Beaupré wrote:
> * libgcrypt20 (part of GnuTLS, 1.6 -> 1.7)

libgcrypt is not a part of GnuTLS. GnuTLS has used nettle instead of gcrypt for years. gcrypt is more properly "part of GnuPG" than anything else.

basically, all of these libraries are gnupg libraries. It's a little bit distressing that upstream's attempt to split them out as distinct libraries (which i think was intended to make them more useful to other consumers) might be a roadblock on the way to updating GnuPG itself.

Ben's suggestion of shipping them in a non-default location ("vendor bundling"?) sounds pretty dubious to me -- i wouldn't want to reason about (let alone vouch for) the upgrade path from such a hybridized variant of jessie to standard debian stretch myself.

--dkg