[prev] [thread] [next] [lurker] [Date index for 2006/06/05]
* jrodman@xxxx.xxxxxxxxxx.xxx [Mon, 05 Jun 2006 13:24:10 -0700]:
> This isn't really true.
Shrug.
> debian-archive-keyring is a near-necessity for debian developers. It is
> the package which includes the gpg/pgp keys of every debian developer.
> That's a _lot_ of keys. Every debian developer really should have this.
> No debian user really has any reason to have this.
False. You are talking about the debian-keyring package:
11M debian-keyring_2005.05.28_all.deb
6.0K debian-archive-keyring_2006.01.18_all.deb
debian-archive-keyring only contains the keys that are used to sign the
archive, which are one for each year.
And, TTBOMK, if apt does not Depend: of debian-archive-keyring, it's
clearly not because size concerns about the keyring, but because d-a-k
pulls gnupg, which pulls a fair amount of dependencies. IMO the solution
to this is to create a package that only ships a stripped version of
/usr/bin/gpgv, make d-a-k depend on that package instead of gnupg, and
then make apt depend on d-a-k, and so half a year ago I requested [1]
the creation of such package, because I wanted for this suboptimal
situation to be fixed.
[1] http://bugs.debian.org/340350
But it's something I can't fix myself, so if you want to express your
support for this idea, you can mail 340350@xxxx.xxxxxx.xxx.
--
Adeodato Simó dato at net.com.org.es
Debian Developer adeodato at debian.org
Listening to: Rosa León - El barquito chiquitito
There's stuff above here
Generated at 22:01 on 05 Jun 2006 by mariachi 0.52