>>> Anecdotal evidence against, currently gnupg 2.1.21 scdaemon bug will >>> happily sign a third party public keyblock's UID using signature subkey >>> on smartcard, which results in useless signature that doesn't have any >>> effect, but the application builds fine. >>> >>> This means gnupg 2.1.21 is not a candidate for stabilization, but it >>> certainly builds fine. >>> >> >> Stop trolling - you know perfectly well that this sort of issue would >> never ever be caught during arch testing. Nor should it be - it's called >> *arch* testing for a reason.
Question is what's more a problem: Having an outdated stable package because nobody cared about stabilizing a new version (in most cases this will end with a rushed stabilization once a security bug was fixed in the package) or move a package in time from ~ARCH to ARCH and deal with the fallout sometimes. Having a real AT doing real arch testing work would be ideal. But face it: We don't have the required man power. Let's try Debian's testing approach and move packages to ARCH in time and don't wait for some magical appearing bug reports because someone really tested a package in ~ARCH. Severe problems will be reported anyways... -- Regards, Thomas
signature.asc
Description: OpenPGP digital signature
