Hello dkg, On Sat 09 Nov 2019 at 04:57PM -05, Daniel Kahn Gillmor wrote:
> Thanks for your thoughtful and helpful feedback. Of course! Series applied to master, except for a few commit message edits (I was worried that we are quoting too much of the gpg manpage). > On Sat 2019-11-09 08:46:34 -0700, Sean Whitton wrote: >>> diff --git a/debian/control b/debian/control >>> index fc2bccc..4c3b956 100644 >>> --- a/debian/control >>> +++ b/debian/control >>> @@ -38,6 +38,8 @@ Depends: >>> Recommends: >>> devscripts, >>> git, >>> + gpg, >>> + gpg-agent, >> >> I think that Recommends: is a bit strong here. It would be perfectly >> reasonable to use the whole mailscripts package without using this >> feature of email-print-mime-structure. So please use Suggests:. > > we have python3-pgpy in Recommends: already, and this is analogous > functionality. If you want to move them both to Suggests, i won't > object too vociferously, but i think it would be a shame. > > Recommends already permits people to avoid installing these dependencies > on constrained systems, and many users will have gpg and gpg-agent > installed already, so this isn't actually much of an additional cost for > many people. The goal of Recommends is to install the things that > people will find typically useful, and i think this piece of > functionality is (or at least should be) typically useful. Well, what I had in mind, in particular, was how gpg-agent will get added to /etc/X11/Xsession.d, and similar places. That's quite a bit different to installing a Python library, to my mind. It seems to me that it is more difficult to distinguish between Recommends and Suggests for a package like mailscripts, because it is reasonable to install mailscripts only to use one of its scripts. That would not be an "unusual installation", to quote Policy. Another example of a package like mailscripts is devscripts, and their README says this: ... the individual dependencies (of scripts) are listed as "Recommends" in the control file; lastly, scripts that are unlikely to be used by many people have their dependencies categorized as "Suggests" in the control file. email-print-mime-structure's decryption capabilities are very cool but highly specialised, when compared to some other things in mailscripts. Finally, moving things Suggests->Recommends is less disruptive to users than Recommends->Suggests, so I'd like to leave these in Suggests for now, and we can promote them later if that looks sensible. >> Also, reading the description of bin:gpg, it seems that you need to have >> bin:gnupg for all secret key operations. > > bin:gnupg is the whole shebang -- much more than > email-print-mime-structure needs, including things like gpg-wks-client, > dirmngr, and gnupg-l10n. gpg-agent provides secret key material access, > and gpg provides the binary frontend, so this really is the right > surface area for the dependencies. (i'm one of the debian maintainers > for the package, and was responsible for this particular split, fwiw) Ah, thanks! -- Sean Whitton
signature.asc
Description: PGP signature