Hello dkg,

On Sat 09 Nov 2019 at 04:57PM -05, Daniel Kahn Gillmor wrote:

> Thanks for your thoughtful and helpful feedback.

Of course!  Series applied to master, except for a few commit message
edits (I was worried that we are quoting too much of the gpg manpage).

> On Sat 2019-11-09 08:46:34 -0700, Sean Whitton wrote:
>>> diff --git a/debian/control b/debian/control
>>> index fc2bccc..4c3b956 100644
>>> --- a/debian/control
>>> +++ b/debian/control
>>> @@ -38,6 +38,8 @@ Depends:
>>>  Recommends:
>>>   devscripts,
>>>   git,
>>> + gpg,
>>> + gpg-agent,
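Review bot: The two added lines under Recommends: (`gpg,` and `gpg-agent,`) will be pulled in by default on every install of this package, because apt installs Recommends unless told otherwise, and nothing in the hunk says which script needs them. If only one script uses them, consider listing them under Suggests: instead, or name that script in the package description so users can tell why the packages are being installed.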
>>
>> I think that Recommends: is a bit strong here.  It would be perfectly
>> reasonable to use the whole mailscripts package without using this
>> feature of email-print-mime-structure.  So please use Suggests:.
>
> we have python3-pgpy in Recommends: already, and this is analogous
> functionality.  If you want to move them both to Suggests, i won't
> object too vociferously, but i think it would be a shame.
>
> Recommends already permits people to avoid installing these dependencies
> on constrained systems, and many users will have gpg and gpg-agent
> installed already, so this isn't actually much of an additional cost for
> many people.  The goal of Recommends is to install the things that
> people will find typically useful, and i think this piece of
> functionality is (or at least should be) typically useful.

Well, what I had in mind, in particular, was how gpg-agent will get
added to /etc/X11/Xsession.d, and similar places.  That's quite a bit
different to installing a Python library, to my mind.

It seems to me that it is more difficult to distinguish between
Recommends and Suggests for a package like mailscripts, because it is
reasonable to install mailscripts only to use one of its scripts.  That
would not be an "unusual installation", to quote Policy.

Another example of a package like mailscripts is devscripts, and their
README says this:

    ... the individual dependencies (of scripts) are listed as
    "Recommends" in the control file; lastly, scripts that are unlikely
    to be used by many people have their dependencies categorized as
    "Suggests" in the control file.

email-print-mime-structure's decryption capabilities are very cool but
highly specialised, when compared to some other things in mailscripts.

Finally, moving things Suggests->Recommends is less disruptive to users
than Recommends->Suggests, so I'd like to leave these in Suggests for
now, and we can promote them later if that looks sensible.

>> Also, reading the description of bin:gpg, it seems that you need to have
>> bin:gnupg for all secret key operations.
>
> bin:gnupg is the whole shebang -- much more than
> email-print-mime-structure needs, including things like gpg-wks-client,
> dirmngr, and gnupg-l10n.  gpg-agent provides secret key material access,
> and gpg provides the binary frontend, so this really is the right
> surface area for the dependencies.  (i'm one of the debian maintainers
> for the package, and was responsible for this particular split, fwiw)

Ah, thanks!

-- 
Sean Whitton
