[arch-general] gnupg 2.1 not stable

Drake Wilson drake at dasyatidae.net
Thu Dec 18 03:32:26 UTC 2014


Doug Newgard wrote:
> LOL, are you serious? Do you know how long Arch operated without
> package signing? You now expect users to panic?

That's actually why I didn't run Arch before despite liking a lot of the
philosophy.  The big sticking point.  The only real reason.

Fortunately, now that I _know_ about this, due to the surrounding philosophy
of simple composability and user-centric control, it may become possible for
me to tweak my systems like earlier in the thread if I decide the main packagers
are playing too fast and loose with GnuPG versioning.  The upstream release cycle
seems a bit unclear and does not play particularly cleanly with the notion of
rolling-release Linux software distribution; the wording on the website doesn't
distinguish well how comparatively stable the modern branch can be expected to
be.

I do certainly think GnuPG is a special case and should be more carefully
integrated, even if it requires bending the general principle of avoiding lagging
upstream.  It's not clear to me whether falling back to the "stable" GnuPG is a
good way to do this.  I think _if_ "modern" can be demonstrated to be a /de facto/
development branch right now then it should be relegated to a more-experimental
package, but there's potential follow-on problems surrounding how many users test
the rest of the system with a newer GnuPG.

Has upstream actually been contacted about this to ask what they think?

   ---> Drake Wilson


More information about the arch-general mailing list