[csw-maintainers] The minimal version of gnupg
Maciej (Matchek) Blizinski
maciej at opencsw.org
Tue Oct 19 23:58:37 CEST 2010
No dia 19 de Outubro de 2010 19:18, Philip Brown <phil at bolthole.com> escreveu:
> On 10/19/10, Maciej (Matchek) Blizinski <maciej at opencsw.org> wrote:
>> Working through GPG related packages Dago and I have stumbled upon a
>> minimal version of GPG series 1.x:
>>
>> http://www.opencsw.org/packages/gnupg_minimal/
>>
>> I'm personally unaware of any scenario under which keeping gnupg is a
>> necessity. Is anyone on the mailing list aware of any scenario under
>> which the minimal version of GPG is necessary? If not, I'd be
>> inclined to remove this package from the catalog to reduce maintenance
>> load.
>
>
> packages are rarely "neccessary", but they are often "useful".
>
> It appears that the purpose of the gnupu_minimal" package, got
> corrupted in its last rebuild.
> It is supposed to avoid dependancies such as openldap_rt.
> In theory, even things like the curl_rt, since that itself, also pulls
> in openldap_rt.
> And that pulls in sasl. and openssl....
This sounds like a problem stemming from the lack of package
granularity; the libraries alone don't constitute that much of a
problem, I'd say. If openldap_rt depended only on shared libraries
from sasl, dependencies wouldn't be that prominent.
By the way, I'm wondering how the debian folk make the openldap
package an optional dependency, and whether we can do the same.
> Since gnupg is useful in the core of what we do: (pkg-get and pkgutil
> both use it), I think it is beneficial to our users to provide a
> "minimal" package of it, so as to minimize the number of required
> packages to install, before using our package transfer mechanisms
> securely.
If that's the goal, we could even embed the minimal gpg in the
pkg-get/pkgutil packages the same way wget is embedded there.
More information about the maintainers
mailing list