[arch-general] gnupg 2.1 not stable

Ido Rosen ido at kernel.org
Wed Dec 17 18:04:53 UTC 2014


On Wed, Dec 17, 2014 at 12:41 PM, "P. A. López-Valencia"
<vorbote at outlook.com> wrote:
>
> On 17/12/14 11:28, Ido Rosen wrote:
>>
>> We seem to be in agreement: 2.1.x is not yet in the set of upstream
>> *stable* releases, but 2.0.x is in that set.
>
>
> Not really. You missed the "as close to current".

I didn't miss the as close to current.  You said "as close to current
as *upstream stable releases* allow."  2.1.x is not an upstream stable
release while 2.0.x is, therefore we are closer to current than
upstream stable releases allow.  So, as I said, we are in agreement,
and IMO a mistake was made and should be rectified by a downgrade
rather than leaving Arch users at risk of security breaches.

>> Therefore, Arch should follow 2.0.x until upstream has marked 2.1.x as
>> stable. Someone made a mistake in upgrading to 2.1, so let's correct the
>> mistake by downgrading back until it's safe, rather than leaving all of
>> Arch's users at great security risk. Let's not forget that gnupg underlies
>> all of Arch's security/integrity (i.e. pacman db and pkg signing) - it's how
>> our users know that Arch is Alice-rch and not Eve-rch. IMO, downgrading is
>> the responsible, smart (not stupid) thing to do, and let's not forget the
>> last "S" in K.I.S.S... :-)
>
>
> The usual practice is to wait until there is a first point release that
> catches the most glaring bugs, see for example how the kernel and the main
> desktop environments are updated. The first point release was yesterday
> (2014-12-16) and it is already in testing. This transition would have
> occurred sooner or later because the benefits outweigh the cost of moving to
> the newer version---e,g., the ability to use elliptical curve keys---, but
> it would've been reasonable to wait for this first point release.
>
>> I donated, but I do not see your name on the donation list? [0]
>
>
> Do not stoop to personal attacks. Thank you.
>
> Besides that, I never make public my acts of charity. Have you read Matthew
> 6:3? Even good atheists practice it.

It was not a personal attack.  You encouraged me to donate, so I did,
and was encouraging you to practice what you preach (i.e. to donate as
well).  I'm not Christian, but I think that's covered later on in
Matthew 7:2...?

Did you read the rest of that paragraph?   You disregarded my points
as a red herring, then made a straw man argument that we should donate
instead of downgrading (and leave Arch users vulnerable).  In the same
paragraph, you quote Arch policy which agrees with the downgrade...  I
guess you are just trolling.

Happy holidays, either way. :-)

>
>
> --
> Pedro Alejandro López-Valencia
> http://about.me/palopezv/
>
> Every nation gets the government it deserves. -- Joseph de Maistre


More information about the arch-general mailing list