[arch-general] gnupg 2.1 not stable

["P. A. López-Valencia"]

On 17/12/14 11:28, Ido Rosen wrote:
> We seem to be in agreement: 2.1.x is not yet in the set of upstream 
> *stable* releases, but 2.0.x is in that set. 

Not really. You missed the "as close to current".

> Therefore, Arch should follow 2.0.x until upstream has marked 2.1.x as 
> stable. Someone made a mistake in upgrading to 2.1, so let's correct 
> the mistake by downgrading back until it's safe, rather than leaving 
> all of Arch's users at great security risk. Let's not forget that 
> gnupg underlies all of Arch's security/integrity (i.e. pacman db and 
> pkg signing) - it's how our users know that Arch is Alice-rch and not 
> Eve-rch. IMO, downgrading is the responsible, smart (not stupid) thing 
> to do, and let's not forget the last "S" in K.I.S.S... :-) 

The usual practice is to wait until there is a first point release that 
catches the most glaring bugs, see for example how the kernel and the 
main desktop environments are updated. The first point release was 
yesterday (2014-12-16) and it is already in testing. This transition 
would have occurred sooner or later because the benefits outweigh the 
cost of moving to the newer version---e,g., the ability to use 
elliptical curve keys---, but it would've been reasonable to wait for 
this first point release.

> I donated, but I do not see your name on the donation list? [0]

Do not stoop to personal attacks. Thank you.

Besides that, I never make public my acts of charity. Have you read 
Matthew 6:3? Even good atheists practice it.

-- 
Pedro Alejandro López-Valencia
http://about.me/palopezv/

Every nation gets the government it deserves. -- Joseph de Maistre