Bug#346597: marked as done (please don't ship gpg u+s)

[Debian Bug Tracking System]

Your message dated Sat, 03 May 2008 15:02:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#453122: fixed in gnupg 1.4.6-2.2
has caused the Debian Bug report #453122,
regarding please don't ship gpg u+s
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
453122: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453122
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

--- Begin Message ---

Package: gnupg
Version: 1.4.2
Severity: wishlist

Since the mlock-as-a-user patch got into the linux kernel with 2.6.9 it
is no longer necessary for GnuPG to be installed suid root in order to
protect certain data from being swapped out.

If we don't plan on shipping a 2.4 kernel with etch then gpg should
probably no longer be installed suid root.  Maybe it's worth doing even
if we still support 2.4 in etch (and let the user do dpkg-statoverride
or similar).

Cheers,
Peter

--- End Message ---

--- Begin Message ---

Source: gnupg
Source-Version: 1.4.6-2.2

We believe that the bug you reported is fixed in the latest version of
gnupg, which is due to be installed in the Debian FTP archive:

gnupg-udeb_1.4.6-2.2_i386.udeb
  to pool/main/g/gnupg/gnupg-udeb_1.4.6-2.2_i386.udeb
gnupg_1.4.6-2.2.diff.gz
  to pool/main/g/gnupg/gnupg_1.4.6-2.2.diff.gz
gnupg_1.4.6-2.2.dsc
  to pool/main/g/gnupg/gnupg_1.4.6-2.2.dsc
gnupg_1.4.6-2.2_i386.deb
  to pool/main/g/gnupg/gnupg_1.4.6-2.2_i386.deb
gpgv-udeb_1.4.6-2.2_i386.udeb
  to pool/main/g/gnupg/gpgv-udeb_1.4.6-2.2_i386.udeb
gpgv_1.4.6-2.2_i386.deb
  to pool/main/g/gnupg/gpgv_1.4.6-2.2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <[EMAIL PROTECTED]> (supplier of updated gnupg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 03 May 2008 16:20:56 +0200
Source: gnupg
Binary: gnupg gpgv gnupg-udeb gpgv-udeb
Architecture: source i386
Version: 1.4.6-2.2
Distribution: unstable
Urgency: low
Maintainer: James Troup <[EMAIL PROTECTED]>
Changed-By: Thijs Kinkhorst <[EMAIL PROTECTED]>
Description: 
 gnupg      - GNU privacy guard - a free PGP replacement
 gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb)
 gpgv       - GNU privacy guard - signature verification tool
 gpgv-udeb  - minimal signature verification tool (udeb)
Closes: 346597 356550 453122
Changes: 
 gnupg (1.4.6-2.2) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Do not install gpg setuid root, this is not necessary anymore since
     Linux kernel 2.6.9. (Closes: #356550, #346597, #453122)
   * Update priority to match override.
Checksums-Sha1: 
 6d1d8d6857b212086cd6ca535845606db9936975 1357 gnupg_1.4.6-2.2.dsc
 50f5c7095da65f603dc95a4433ebe1f27af4cfe9 24178 gnupg_1.4.6-2.2.diff.gz
 af287eac235ac64ea343e8a4012e8445c45ec28d 1816116 gnupg_1.4.6-2.2_i386.deb
 7df976b39f361b5eb30ff904c9b99b8578deeba0 141452 gpgv_1.4.6-2.2_i386.deb
 fa5514dadd177c18b7c61a4b2261d53114dfc031 127194 gpgv-udeb_1.4.6-2.2_i386.udeb
 db9674a1a5647ef3f392ad8ea4952fdc12b8a82d 350412 gnupg-udeb_1.4.6-2.2_i386.udeb
Checksums-Sha256: 
 1258f02a338925f78030f79faf921b906329719370501185e050d750acbc748f 1357 
gnupg_1.4.6-2.2.dsc
 eb99447033c434e13cb9fc19963d0e88cfc0f078eeb12b0629ff9fdd63df66fb 24178 
gnupg_1.4.6-2.2.diff.gz
 7338acc6e0b8f0d83c838bc7f9f47bbb79c078eb40b9a5a05dd3383d72178a03 1816116 
gnupg_1.4.6-2.2_i386.deb
 fd12f27be94632cf484e296beab64282bebc5bcc68e4a545aca05b1de8f2f50b 141452 
gpgv_1.4.6-2.2_i386.deb
 cde2e651ef2f5d527e0c0bf01cd7856ec3836a63e042430f6390212593dadd42 127194 
gpgv-udeb_1.4.6-2.2_i386.udeb
 0256136ad8761410a017bebe7f7e65f3f211c99e397bd76f6c87f491287b0b2d 350412 
gnupg-udeb_1.4.6-2.2_i386.udeb
Files: 
 fd3a116f15f389c835a95498bb0eec57 1357 utils important gnupg_1.4.6-2.2.dsc
 f03977fb64167fdd8471dc58eee0dd96 24178 utils important gnupg_1.4.6-2.2.diff.gz
 001599f85040a2ff998a475b19f27c18 1816116 utils important 
gnupg_1.4.6-2.2_i386.deb
 80671e48edd13a7fb4b5a8c965a687d8 141452 utils important gpgv_1.4.6-2.2_i386.deb
 db4b68c57c10d8454d7ac4d13d1114de 127194 debian-installer extra 
gpgv-udeb_1.4.6-2.2_i386.udeb
 f9fb7ef188560b5693ee30da5dee907e 350412 debian-installer extra 
gnupg-udeb_1.4.6-2.2_i386.udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSBx812z0hbPcukPfAQJglwf8D97qeeu3eoJRMVP+y91Op8Qmywxf0D/9
+qC7UiCNvrax+/VwMVPBGE1eTd7JetZX0auhd9fGxnjYoxXtv1pQUfKI8qtF7arB
KQ9D+FzBme6UAybQDpe8kcIHZ19KrgnRh7pcQ7VSfMfuAAy5xum845eQuJSrKjht
MIc1jhEQdyALy/eHBUp0pEeb7dfr2zZrkAgUWo1oPhb0YVnHjdymBiIIAvnZGTlz
MhGUMlmXD48mZw1OHnSTOJtLAmdSHrpiDvEHB1ZoG7XCDJJirBQ/lb/TbU2379IT
DEz/baQ6byVOrkr/LTWWBjqPMVUqQnrdWnl01QSKC4JXq5k+6sZP7w==
=m+xe
-----END PGP SIGNATURE-----

--- End Message ---