[prev] [thread] [next] [lurker] [Date index for 2006/06/05]
* jrodman@xxxx.xxxxxxxxxx.xxx [Mon, 05 Jun 2006 13:24:10 -0700]: > This isn't really true. Shrug. > debian-archive-keyring is a near-necessity for debian developers. It is > the package which includes the gpg/pgp keys of every debian developer. > That's a _lot_ of keys. Every debian developer really should have this. > No debian user really has any reason to have this. False. You are talking about the debian-keyring package: 11M debian-keyring_2005.05.28_all.deb 6.0K debian-archive-keyring_2006.01.18_all.deb debian-archive-keyring only contains the keys that are used to sign the archive, which are one for each year. And, TTBOMK, if apt does not Depend: of debian-archive-keyring, it's clearly not because size concerns about the keyring, but because d-a-k pulls gnupg, which pulls a fair amount of dependencies. IMO the solution to this is to create a package that only ships a stripped version of /usr/bin/gpgv, make d-a-k depend on that package instead of gnupg, and then make apt depend on d-a-k, and so half a year ago I requested [1] the creation of such package, because I wanted for this suboptimal situation to be fixed. [1] http://bugs.debian.org/340350 But it's something I can't fix myself, so if you want to express your support for this idea, you can mail 340350@xxxx.xxxxxx.xxx. -- Adeodato Simó dato at net.com.org.es Debian Developer adeodato at debian.org Listening to: Rosa León - El barquito chiquititoThere's stuff above here
Generated at 22:01 on 05 Jun 2006 by mariachi 0.52