Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 132343 - app-crypt/gnupg-1.9 and friends, stabilization requested
Summary: app-crypt/gnupg-1.9 and friends, stabilization requested
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High enhancement (vote)
Assignee: Crypto team [DISABLED]
URL: http://lists.gnupg.org/pipermail/gnup...
Whiteboard:
Keywords:
Depends on: 130994
Blocks: 132213
  Show dependency tree
 
Reported: 2006-05-05 06:50 UTC by Carsten Lohrke (RETIRED)
Modified: 2007-01-01 13:20 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Carsten Lohrke (RETIRED) gentoo-dev 2006-05-05 06:50:52 UTC
We need the following ebuilds stable for KDE 3.5.2 (see bug 120587):

>=app-crypt/dirmngr-0.9.3 ~x86
>=dev-libs/libksba-0.9.13 ~x86 
>=dev-libs/libassuan-0.6.9 ~x86 
>=app-crypt/gpgme-1.1.2 ~x86 
>=app-crypt/gnupg-1.9.0 ~x86


Please check if the ebuild are ready and invite arch herds as soon as possible.
Comment 1 Caleb Tennis (RETIRED) gentoo-dev 2006-05-10 05:46:10 UTC
Crypto, does anyone object to asking arch teams to mark stable (other than the blocker bug issue) ?
Comment 2 Daniel Black (RETIRED) gentoo-dev 2006-05-10 06:50:51 UTC
no objections here. Feel free to CC the arches you want.

Arch testers:

If there is a self test in gnupg-1.9.20-r1 that fails due to USE=-smime. This is harmless as the self test is for a smime program.
Ref: https://bugs.gentoo.org/show_bug.cgi?id=131026#c5

app-crypt/gpgme-1.1.2-r1 is the same as app-crypt/gpgme-1.1.2 except --with-gnusm (smime stuff) forced instead of a USE flag. There is no logical change that would preclude a stabilization.
Comment 3 Carsten Lohrke (RETIRED) gentoo-dev 2006-05-12 16:51:50 UTC
Please add app-crypt/pinentry to the list.
Comment 4 Chris Gianelloni (RETIRED) gentoo-dev 2006-05-16 13:34:13 UTC
So should we start working on this or what?
Comment 5 Markus Ullmann (RETIRED) gentoo-dev 2006-05-21 10:06:28 UTC
Well as we have nothing left to stop this, let's dance ;)

Please test and mark stable
Comment 6 Markus Ullmann (RETIRED) gentoo-dev 2006-05-21 10:20:46 UTC
Okay, stop for a minute, taviso raised objections, discussion on -dev is about to be started
Comment 7 Tavis Ormandy (RETIRED) gentoo-dev 2006-05-21 11:21:34 UTC
I think splitting gnupg into gnupg2 gpgsm is a better idea, marking gnupg-1.9.x would be pretty dangerous. 

removing arches for now until these new packages are ready.
Comment 8 Stefan Schweizer (RETIRED) gentoo-dev 2006-05-21 12:30:09 UTC
After some discussion on #gentoo-dev I added a new revision of gnupg-1.9.20 that has a gpg2-experimental useflag to not install the unstable gpg2.
It is currently masked. Please test if it works ok.
Comment 9 Carsten Lohrke (RETIRED) gentoo-dev 2006-05-25 06:57:41 UTC
Would the crypto herd take bug 13337 into account, please?
Comment 10 Chris Gianelloni (RETIRED) gentoo-dev 2006-05-25 11:18:24 UTC
Bug #13337?  I'm sure you meant another one.

Anyway, I'm testing this new masked version on x86 and it works fine for signing/encrypting/decrypting.  I say it is ready to go (at least on x86).
Comment 11 Markus Ullmann (RETIRED) gentoo-dev 2006-05-25 12:57:02 UTC
Full ack ;)
Comment 12 Chris Gianelloni (RETIRED) gentoo-dev 2006-05-25 14:19:13 UTC
I've gone ahead and done the KEYWORDS for this stuff for x86.  You'll probably want to unmask the newer gnupg revision, as I didn't touch that.  I feel that is best left up to the maintainers.
Comment 13 cilly 2006-05-26 03:14:18 UTC
On the gnupg homepage it is said clearly, that gnupg 1.9.x is the developer branch:

"GnuPG 1.9 is the development branch of GnuPG with support for S/MIME."

Since: 

the gnupg project is alive
the devs aren't run over by a bus
the devs are working on it and will release never versions

It is not wise to mark software out of the developer branch as stable and to confuse others!

This software IS developer software and 1.9 will never be released it will always be a developer branch, this has not to be added to a stable system!

I see this as a security flaw, since gnupg checks signatures and provides integrity.
Comment 14 Henrik Brix Andersen 2006-05-26 03:20:00 UTC
(In reply to comment #13)
> It is not wise to mark software out of the developer branch as stable and to
> confuse others!

I fully agree. We should not mark developer snapshots/developer releases stable in Gentoo Portage when upstream doesn't consider the code ready for production use.
Comment 15 Chris Gianelloni (RETIRED) gentoo-dev 2006-05-26 06:12:01 UTC
Well, the version that I marked stable is still masked, so if you guys feel like reverting the KEYWORDS, it shouldn't affect anyone (other than those that have unmasked it intentionally).
Comment 16 Daniel Black (RETIRED) gentoo-dev 2006-05-26 06:17:00 UTC
It is considered stable by upstream which is why this request went ahead. Refer URL.
Comment 17 Daniel Black (RETIRED) gentoo-dev 2006-05-26 06:35:10 UTC
Tavis, Henrik - upstream are happy. Are you?
Comment 18 Chris Gianelloni (RETIRED) gentoo-dev 2006-05-26 07:31:35 UTC
So can I do amd64 yet?

*grin*
Comment 19 Henrik Brix Andersen 2006-05-26 07:54:25 UTC
(In reply to comment #17)
> Tavis, Henrik - upstream are happy. Are you?

That announcement is not reflected on their web site, which is where I checked. Thank you for clearing that up. Thumbs up from me :)
Comment 20 Chris Gianelloni (RETIRED) gentoo-dev 2006-05-26 08:07:08 UTC
In that case... amd64 is done... =]
Comment 21 Doug Goldstein (RETIRED) gentoo-dev 2006-05-26 17:54:38 UTC
Shouldn't you guys add some arches?
Comment 22 Daniel Black (RETIRED) gentoo-dev 2006-05-26 18:42:10 UTC
Take 2:

As per URL most of the gnupg-1.9 branch is stable. The gpg from gnupg-1.4 is still recommended for day to day use. This explains the odd dependency on it self and the gpg2-experimental USE flag.

The stable targets are:
=app-crypt/dirmngr-0.9.3
=dev-libs/libksba-0.9.13
=dev-libs/libassuan-0.6.10
=app-crypt/gpgme-1.1.2-r1
=app-crypt/gnupg-1.9.20-r3

From memory all these programs include good selftests.
Comment 23 Carsten Lohrke (RETIRED) gentoo-dev 2006-05-28 06:17:38 UTC
(In reply to comment #10)
> Bug #13337?  I'm sure you meant another one.

Sorry. Bug 133377.
Comment 24 Jason Wever (RETIRED) gentoo-dev 2006-05-29 12:34:52 UTC
Everything is now SPARC stable
Comment 25 Joe Jezak (RETIRED) gentoo-dev 2006-05-29 18:58:18 UTC
Marked ppc stable.
Comment 26 Thomas Cort (RETIRED) gentoo-dev 2006-05-31 21:48:28 UTC
alpha stable.
Comment 27 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2006-10-04 21:20:25 UTC
arm/hppa/mips/s390: *bump* on stabilization.
See commment 22 for the list.
Comment 28 CPUShare 2006-11-06 10:55:31 UTC
may I ask why gnupg-1.9 has gnupg-1.4 as a dependency? That looks a bit confusing. I monitor duplicate packages through emerge -p -P, and I couldn't figure out which was the package requiring gnupg-1.4, until I figured out it was gnupg-1.9 itself ;). "equery depends gnupg" doesn't show gnupg as a dependency on itself, that's why I couldn't figure it out (I had to read the .ebuild to figure it out for sure).

Perhaps the rdependency is what requires it? Does it mean gpg-1.9 requires 1.4 to be installed in order to build? Shouldn't then 1.4 be deleted completely from the system instead of hanging around in emerge -p -P listing?
Comment 29 Daniel Black (RETIRED) gentoo-dev 2006-11-06 11:27:45 UTC
(In reply to comment #28)
> may I ask why gnupg-1.9 has gnupg-1.4 as a dependency?
Earlier versions of gnupg-1.9 (<1.9.92) needed gnupg-1.4 to provide the full compliment of service.
http://lists.gnupg.org/pipermail/gnupg-announce/2005q4/000209.html

> That looks a bit confusing.
Yes - thankfully the upstream have merged 1.4 codebase into 1.9.92
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000236.html

> Does it mean gpg-1.9 requires 1.4
> to be installed in order to build?
no - its a RDEPEND

> Shouldn't then 1.4 be deleted completely
no - not fully stable - see 1.9.92 annoucement
Comment 30 Jeroen Roovers (RETIRED) gentoo-dev 2006-11-15 16:01:53 UTC
HPPA done.
Comment 31 Jakub Moc (RETIRED) gentoo-dev 2007-01-01 13:20:32 UTC
Nothing left to do here...