Doug Newgard wrote:
LOL, are you serious? Do you know how long Arch operated without package signing? You now expect users to panic?
That's actually why I didn't run Arch before despite liking a lot of the philosophy. The big sticking point. The only real reason. Fortunately, now that I _know_ about this, due to the surrounding philosophy of simple composability and user-centric control, it may become possible for me to tweak my systems like earlier in the thread if I decide the main packagers are playing too fast and loose with GnuPG versioning. The upstream release cycle seems a bit unclear and does not play particularly cleanly with the notion of rolling-release Linux software distribution; the wording on the website doesn't distinguish well how comparatively stable the modern branch can be expected to be. I do certainly think GnuPG is a special case and should be more carefully integrated, even if it requires bending the general principle of avoiding lagging upstream. It's not clear to me whether falling back to the "stable" GnuPG is a good way to do this. I think _if_ "modern" can be demonstrated to be a /de facto/ development branch right now then it should be relegated to a more-experimental package, but there's potential follow-on problems surrounding how many users test the rest of the system with a newer GnuPG. Has upstream actually been contacted about this to ask what they think? ---> Drake Wilson