Ido Rosen i...@kernel.org on Wed, 2014/12/17 09:03:
From gnupg.org:
2.0.26 is the stable version suggested for most users,
2.1.1 is the brand-new modern version with support for ECC and many
other new features,
and 1.4.18 is the classic portable version.
Marking version 2.1 stable would
On 17/12/14 16:46, Jacob Joseph wrote:
On Thu, 18 Dec 2014 07:43:52 +1100
Gaetan Bisson bis...@archlinux.org wrote:
[2014-12-17 09:03:31 -0500] Ido Rosen:
2.0.26 is the stable version suggested for most users,
2.1.1 is the brand-new modern version
Arch is not stable, it's modern.
Besides,
Just to add a link showing the need for help for the gnupg developers it
may be worth having a quick look at
https://gnupg.org/blog/20141214-gnupg-and-g10.html
--
mike c
On Thu, 18 Dec 2014 05:11:00 -0500
P. A. López-Valencia vorb...@outlook.com wrote:
On 17/12/14 16:46, Jacob Joseph wrote:
On Thu, 18 Dec 2014 07:43:52 +1100
Gaetan Bisson bis...@archlinux.org wrote:
[2014-12-17 09:03:31 -0500] Ido Rosen:
2.0.26 is the stable version suggested for
From gnupg.org:
2.0.26 is the stable version suggested for most users,
2.1.1 is the brand-new modern version with support for ECC and many
other new features,
and 1.4.18 is the classic portable version.
The 2.1 series of gnupg is not stable, it still has many major bugs,
not the least of which is
On Wed, 17 Dec 2014 09:03:31 -0500, Ido Rosen wrote:
Given that it's not marked as stable upstream, and that it's such a
critical core component of Arch's infrastructure, I find it
questionable for Arch to have upgraded so soon.
Ido, thanks for the heads up :)!
I considered Arch's core as
Ralf,
On Wed, Dec 17, 2014 at 9:20 AM, Ralf Mardorf
ralf.mard...@rocketmail.com wrote:
On Wed, 17 Dec 2014 09:03:31 -0500, Ido Rosen wrote:
Given that it's not marked as stable upstream, and that it's such a
critical core component of Arch's infrastructure, I find it
questionable for Arch to
On Wed, 17 Dec 2014 09:32:20 -0500, Ido Rosen wrote:
Agreed that everything in core should be maximally stable.
Given that gpg is such a crucial core component of Arch's
infrastructure and that gpg 2.1 is NOT stable. Could we switch back
to gnupg 2.0.x (stable release)
GnuPG modern (2.1) is
On 17/12/14 09:32, Ido Rosen wrote:
Agreed that everything in core should be maximally stable. (Also,
following upstream stable releases rather than unstable releases fits
just fine with Arch's philosophy of following upstream releases, since
unstable releases are really just poorly named
On Wed, Dec 17, 2014 at 11:00 AM, P. A. López-Valencia
vorb...@outlook.com wrote:
On 17/12/14 09:32, Ido Rosen wrote:
Agreed that everything in core should be maximally stable. (Also,
following upstream stable releases rather than unstable releases fits
just fine with Arch's philosophy of
besides the upstream stable release discussion (which i will leave out
here) i have two small questions:
On 12/17/2014 03:03 PM, Ido Rosen wrote:
On the gnupg-devel mailing list I've seen a few
potentially serious security issues with it.
No offense, but out of interest:
Could you please point
On 17/12/14 11:28, Ido Rosen wrote:
We seem to be in agreement: 2.1.x is not yet in the set of upstream
*stable* releases, but 2.0.x is in that set.
Not really. You missed the as close to current.
Therefore, Arch should follow 2.0.x until upstream has marked 2.1.x as
stable. Someone made a
On Wed, Dec 17, 2014 at 12:41 PM, P. A. López-Valencia
vorb...@outlook.com wrote:
On 17/12/14 11:28, Ido Rosen wrote:
We seem to be in agreement: 2.1.x is not yet in the set of upstream
*stable* releases, but 2.0.x is in that set.
Not really. You missed the as close to current.
I didn't
The usual practice is to wait until there is a first point release that
catches the most glaring bugs, see for example how the kernel and the main
desktop environments are updated. The first point release was yesterday
(2014-12-16) and it is already in testing. This transition would have
On Wed, Dec 17, 2014 at 12:05 PM, Levente Polyak anthr...@archlinux.org wrote:
besides the upstream stable release discussion (which i will leave out
here) i have two small questions:
On 12/17/2014 03:03 PM, Ido Rosen wrote:
On the gnupg-devel mailing list I've seen a few
potentially serious
Also, since it was mentioned regarding 2.1.x: ECC support is nice to
have, but is a new feature that's not required for Arch db/package
verification. That's why I suggested that we downgrade gnupg to 2.0.x
and, for those users who are willing to take the risk with gnupg 2.1.x
before it is marked
On 17/12/14 13:04, Ido Rosen wrote:
Did you read the rest of that paragraph? You disregarded my points as
a red herring, then made a straw man argument that we should donate
instead of downgrading (and leave Arch users vulnerable). In the same
paragraph, you quote Arch policy which agrees
On Wed, Dec 17, 2014 at 1:46 PM, P. A. López-Valencia
vorb...@outlook.com wrote:
On 17/12/14 13:04, Ido Rosen wrote:
Did you read the rest of that paragraph? You disregarded my points as a
red herring, then made a straw man argument that we should donate instead of
downgrading (and leave
[2014-12-17 09:03:31 -0500] Ido Rosen:
2.0.26 is the stable version suggested for most users,
2.1.1 is the brand-new modern version
Arch is not stable, it's modern.
Besides, there are no open bugs regarding gnupg on our tracker.
--
Gaetan
On 12/17/2014 07:32 PM, Ido Rosen wrote:
Several security patches went into 2.1 after its release, and there
continue to be patches submitted for minor issues that are borderline
security/usability issues in the bug fix category. Most of those
bugs at worst result in DoSes, but two of them in
On Thu, 18 Dec 2014 07:43:52 +1100
Gaetan Bisson bis...@archlinux.org wrote:
[2014-12-17 09:03:31 -0500] Ido Rosen:
2.0.26 is the stable version suggested for most users,
2.1.1 is the brand-new modern version
Arch is not stable, it's modern.
Besides, there are no open bugs regarding
On Wed, 17 Dec 2014 14:19:09 -0500
Ido Rosen i...@kernel.org wrote:
The correct response is indeed for users to panic and demand that Arch
devs be more responsible about reading release notes before upgrading
such important core components of the system.
LOL, are you serious? Do you know how
Doug Newgard wrote:
LOL, are you serious? Do you know how long Arch operated without
package signing? You now expect users to panic?
That's actually why I didn't run Arch before despite liking a lot of the
philosophy. The big sticking point. The only real reason.
Fortunately, now that I
On Wed, 17 Dec 2014 21:32:26 -0600
Drake Wilson dr...@dasyatidae.net wrote:
Doug Newgard wrote:
LOL, are you serious? Do you know how long Arch operated without
package signing? You now expect users to panic?
That's actually why I didn't run Arch before despite liking a lot of
the
24 matches
Mail list logo