On 17/12/14 11:28, Ido Rosen wrote:
We seem to be in agreement: 2.1.x is not yet in the set of upstream *stable* releases, but 2.0.x is in that set.
Not really. You missed the "as close to current".
Therefore, Arch should follow 2.0.x until upstream has marked 2.1.x as stable. Someone made a mistake in upgrading to 2.1, so let's correct the mistake by downgrading back until it's safe, rather than leaving all of Arch's users at great security risk. Let's not forget that gnupg underlies all of Arch's security/integrity (i.e. pacman db and pkg signing) - it's how our users know that Arch is Alice-rch and not Eve-rch. IMO, downgrading is the responsible, smart (not stupid) thing to do, and let's not forget the last "S" in K.I.S.S... :-)
The usual practice is to wait until there is a first point release that catches the most glaring bugs, see for example how the kernel and the main desktop environments are updated. The first point release was yesterday (2014-12-16) and it is already in testing. This transition would have occurred sooner or later because the benefits outweigh the cost of moving to the newer version---e,g., the ability to use elliptical curve keys---, but it would've been reasonable to wait for this first point release.
I donated, but I do not see your name on the donation list? [0]
Do not stoop to personal attacks. Thank you. Besides that, I never make public my acts of charity. Have you read Matthew 6:3? Even good atheists practice it. -- Pedro Alejandro López-Valencia http://about.me/palopezv/ Every nation gets the government it deserves. -- Joseph de Maistre