Hi! On Thu, 2025-05-15 at 20:55:30 +0200, Paul Gevers wrote: > On 15-05-2025 19:00, Guillem Jover wrote: > > > Ack, but please (for avoidance of any trouble) only upload after the > > > debian-installer RC1 has been released, which will be announced on > > > d-d-a. > > > > Perfect thanks! Ah, and also thanks for the explicit note, it was not > > entirely clear to me from the announcement, as that only mentioned > > udeb-producing packages, which dpkg is not. I'll wait until the > > release has happened. > > I don't think dpkg is involved, but I'd rather be safe then sorry.
Sure, no problem. > > > While reviewing I spotted the following, it seems like this might > > > now be obsolete in the Breaks: > > > # Uses new sq features, w/o requiring a hard dependency on sq. > > > sq (<< 0.40.0~), > > > > In stable/bookworm sq is currently at 0.27.0-2+b1, so to avoid > > breakage during partial upgrades it seems to me that's still relevant, > > but perhaps you were thinking about sqv which in stable/bookworm > > is currently at 1.1.0-1+b5? Or perhaps something else? > > I was more thinking that dpkg now doesn't drive sq anymore (as it's > not in the list of Depends) so I'd expect an older version of that > wouldn't matter. But reading the diff again, I see that > `DEFAULT_CMD` still points at sq, so I guess the code to drive sq is > still there. Or did I still misread the diff? Or perhaps something > else? Ah. The OpenPGP backends can support a "full" (in terms of what dpkg needs) OpenPGP implementation that can sign, verify, etc, (for the Sequoia backend that would be «sq»), or a "verification-only" implementation (for the Sequoia backend that would now be «sqv»). The users of the API can request whether the latter is enough for their use (such as dpkg-source), and then the auto-detection code will try to find a backend that has a suitable command available. sq is still in the list of Recommends/Suggests for the "full" implementation alternatives. sqv is now in the alternatives for the "verification-only" implementations (where in case an implementation does not have a matching "verification-only" command the one providing the "full" one is listed instead). Hope that clarifies. :) Thanks, Guillem
