On Sun, Dec 06, 2009 at 03:31:12PM +0100, Julien Cristau wrote: > On Mon, Sep 14, 2009 at 16:23:43 +0200, Julien Cristau wrote: > > > Package: libcurl3-gnutls > > Version: 7.19.5-1.1 > > Severity: important > > > > gnupg now depends on libcurl3-gnutls, which depends on > > libgnutls+ca-certificates, and ca-certificates depends on openssl. This > > is a few too many crypto implementations in a single dep chain (and in > > the base system). Besides libcurl can very well be used without > > ca-certificates, so I think it belongs in Recommends or Suggests. > > > So apparently you ignored the 7.19.5-1.1 security nmu; fixing the found > version now. Please fix your Depends.
i really don't know how to fix this bug. in the history of curl it got reports both for depending and _not_ depending on ca-certificates, going through recommends obviously. clearly there are different expectations in the user-base. -----[ Domenico Andreoli, aka cavok --[ http://www.dandreoli.com/gpgkey.asc ---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
