tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: pkgsrc/security/gnupg2

Ryo ONODERA <> writes:

> Is there any reason to depend on curses-based pinentry only?
> For example, in thunderbird enigmail case,
> pinentry-gtk2 works however curses-based pinentry does not work for me.
> MESSAGE or other documentation file should suggest pinentry* packages
> installation.

In general, I view the use of MESSAGES as a bug.  It was originally for
exceptional situations where the machine admin had to do something, and
it's grown into a substitute for documentation.

> I know gnupg2 package has the dependency to pinentry.
> i believe gnupg2 should not have pinentry dependency.

I can see your point, in that gnupg2 is usable without it, and if one
has pinentry-gtk2, there may be no need for many situations.
However, the real reason to avoid gnupg2 depending on pinentry-gtk2 is that it
requires gtk2, which is big.

The pinentry package is 136K (netbsd-6 i386), and it only depends on
things already required by gnupg2.  So I don't think it hurts enough to
remove it.  If pinentry-gtk2 and pinentry-qt4 could be added for 150K
each of footprint, I'd be in favor.  But pinentry-gtk2 and dependencies
is 65MB, and pinentry-qt4 is 98 MB.

All that said, because thunderbird is a gtk thing, not a qt thing,
having the enigmail plugin depend on pinentry-gtk2 seems reasonable.

Sort of realted, are we at the point where the gnupg2 package should
build gpg, and gpg 1 should be deprecated?  I'm not clear on why we are
still using gpg1.

Attachment: pgpeTbA5I3Af0.pgp
Description: PGP signature

Home | Main Index | Thread Index | Old Index