[arch-dev-public] Upgrading gnupg to 2.0 branch, removing gnupg2

[Tom Gundersen]

On Sun, Mar 18, 2012 at 8:00 AM, Allan McRae <allan at archlinux.org> wrote:
> Now...  has anyone proposing this actually done the work and noted which
> configure options get disabled when building gpgme against only one of
> gnupg or gnupg2.  I remember there was differences when I was looking
> into this for the same request made back in 2010
> (https://bugs.archlinux.org/task/22110).  I can not remember the
> results, but I remember there was a difference.

I tried building it only against gnupg2, and as far as I could tell it
made no difference. If I understood correctly building against gnupg1
means that we don't get support for gpgms (at least).

Dropping gnupg2 does not sound like a good idea, as that means people
would have to build a second verision of gpgme to get gnupg2 features.
Furthermore, if we drop gnupg1, we could eventually drop it from the
repos all together, which would not be the case for gnup2 as it has
more features people might need.

As to the stability, I don't know much about this. It seems that
upstream needs to clarify their communication, in the release
announcement of 2.0.18 they refer to it as "stable" and make no
suggestions that version 1 should be better in this regard:

"We are pleased to announce the availability of a new stable GnuPG-2
release:  Version 2.0.18.

[...]

GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.11) in
that it splits up functionality into several modules.  However, both
versions may be installed alongside without any conflict.  In fact,
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
included in GnuPG-2 and allows for seamless passphrase caching.  The
advantage of GnuPG-1 is its smaller size and the lack of dependency on
other modules at run and build time.  We will keep maintaining GnuPG-1
versions because they are very useful for small systems and for server
based applications requiring only OpenPGP support."

Cheers,

Tom