[Popcon-developers] gnugp dependency of apt
Bill Allombert
Bill.Allombert at math.u-bordeaux1.fr
Sat May 18 15:33:31 UTC 2013
On Fri, May 17, 2013 at 10:09:35PM +0200, David Kalnischkies wrote:
> On Fri, May 17, 2013 at 4:51 PM, Bill Allombert
> <Bill.Allombert at math.u-bordeaux1.fr> wrote:
> > So if you plan to remove this dependency (and e.g. use gpg2 or gpgv instead), please
> > let me know so.
>
> The plan is to get right of the hard-dependency on gnupg in the future as
> we don't need it anymore now that keyring-packages are advised to drop
> their keys into /etc/apt/trusted.gpg.d/ instead of using apt-key.
>
> All we need is gpgv (which is what we actual use all these years), so that
> will be our hard-dependency in the future, but I presume gnupg will just be
> demoted to Recommends, so it will stay available "on all but unusual systems"
> as it remains needed for apt-key.
Thanks for your answer. I was indeed expecting you would move to gpgv
(which I cannot use since it does not do encryption.)
> (were is a bit of work left to make that happen, but "I have a dream".
> Mainly because using gnupg non-interactively is a hell even worse than
> dependency hell, but that is another story …)
I see I am not the only one struggling with gpg...
> So in practice you shouldn't notice the difference.
> But I don't really see why our usage is important here, popcon isn't even
> depending on apt (and popcon tells me that [a tiny fraction of] systems do
> not have apt installed while they report popcon …)
As you note, apt is installed on all except a tiny fraction of system.
Essentially, if apt were changed to depend on e.g. gnupg2 instead of gnugp,
then it is better to also update popcon to use gnupg2 rather than requiring
popcon users to carry both gnupg and gnupg2.
But there is another reason: any package that is used by popcon has 100% popcon
usage by definition, which makes the statistic useless. So it is best to only
use packages that are installed by default anyway. This is currently the case
of gnupg due to the apt dependency.
Cheers,
--
Bill. <ballombe at debian.org>
Imagine a large red swirl here.
More information about the Popcon-developers
mailing list