>> Sounds like it should be in signing-party instead. > Indeed it very well may want to be part of signing-party when > it grows up... The primary rationale for it being separate now > includes:
> 1. As this tool is making assertions about signature strength which > important to our web of trust it is recommended that this > tool get peer testing and review on it's own (as to avoid > versioning signing-party at this early stage). > 2. It has been suggested that the correct implementation of > this tool is to read the keyring directly -- instead of using > gpg -- in which case the implementation may change significantly. > If these goals should be accomplished without creating a > separate package I would be happy to pursue that approach. I dont get why those two reasons make it need an own package. The implementation can well change even if its in s-p, as well as the testing can happen there? -- bye, Joerg Contrary to common belief, Arch:i386 is *not* the same as Arch: any. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
