GnuPG 2.2 on elder Debian & Ubuntu distros

Daniel Kahn Gillmor dkg at
Sat Oct 28 00:28:21 CEST 2017

On Fri 2017-10-27 16:06:55 +0200, Bernhard Reiter wrote:
> There is a difference in packaging as
>   Jessie and Ubuntu LTS still have gnupg and gnupg2
> while 
>   Stretch (and Ubuntu 17.04) already have done the jump to 2.1.x
>   replacing GnuPG 1.4.x in the gnupg package.

I've looked into this for jessie, and I'm sad to say that there is
enough system integration work to make me want to spend my time

A backport to stretch should be relatively easy to pull off.

The Jessie problems aren't necessarily problems with gpg itself -- it's
the ecosystem that has grown up around gpg, much of which is written as
though whatever idiosyncrasies and corner cases the author encountered
with some particular version of gpg were exactly the way gpg should
behave, forever.  So introducing 2.1 or 2.2 to jessie results in
breakage of a number of other packages (see the litany of Breaks: at [0]
for what is probably not even a full set; now think about all the other
packages which depend on the packages listed as broken).

In stretch, all of that has been cleaned up, which is why the backport
should be relatively easy.

And in future versions of Debian, we can hopefully keep the cruft down
by providing upstream-maintained language bindings that are more
attractive than the weird side-projects that seem to have sprung up
around trying to automate a complex, multifaceted tool with a long history
of configuration choices.

It is helpful to have GnuPG upstream be really clear about what is an
expected stable machine-readable interface (and about what is *not*
expected to be stable for mechanical interaction).  So any contributions
that help to clarify the formal API (even a "best minimal subset" of
it) would be a great positive contribution.

Sorry to not have better news for your Jessie and Ubuntu LTS systems :(
I'd love to be wrong!
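The breakage described in the message above, where tools hard-code one gpg version's output, as an added example that is not part of the original message or of any Debian or GnuPG code: a reader for `gpg --list-keys --with-colons` output that accepts both the merged layout of gpg 1.4 and the fixed layout of later versions. The function name `parse_keys` and both sample listings are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample, merged layout (gpg 1.4 without --fixed-list-mode):
# the primary user ID rides on the pub record and dates are YYYY-MM-DD.
SAMPLE_MERGED = """\
pub:u:2048:1:0123456789ABCDEF:2015-03-01:::u:Alice Example <alice@example.org>::scESC:
sub:u:2048:1:FEDCBA9876543210:2015-03-01::::::e:
"""

# Constructed sample, fixed layout (always used since GnuPG 2.0.10):
# user IDs get their own uid records and dates are seconds since the epoch.
SAMPLE_FIXED = """\
pub:u:2048:1:0123456789ABCDEF:1425168000:::u:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:u::::1425168000::0000000000000000000000000000000000000000::Alice Example <alice@example.org>:
sub:u:2048:1:FEDCBA9876543210:1425168000::::::e:
"""

def _unescape(value):
    # User IDs escape special bytes as \xNN, e.g. \x3a for a literal colon.
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def _date(field):
    # Accept both date encodings instead of assuming one gpg version's habit.
    if not field:
        return None
    if field.isdigit():
        return datetime.fromtimestamp(int(field), tz=timezone.utc).date()
    return datetime.strptime(field, "%Y-%m-%d").date()

def parse_keys(listing):
    """Return one dict per pub record: keyid, created, fpr, uids."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        f += [""] * (12 - len(f))          # pad short records; extra fields are ignored
        if f[0] == "pub":
            keys.append({"keyid": f[4], "created": _date(f[5]), "fpr": None, "uids": []})
            if f[9]:                        # merged layout only
                keys[-1]["uids"].append(_unescape(f[9]))
        elif not keys:
            continue                        # e.g. a tru record before any key
        elif f[0] == "uid" and f[9]:
            keys[-1]["uids"].append(_unescape(f[9]))
        elif f[0] == "fpr" and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = f[9]          # first fpr seen for this key
    return keys
```

A caller that needs the fingerprint has to treat `fpr` being `None` as "not printed by this invocation" rather than as a parse error.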


