Bug#311843: severity?

2006-01-16 Thread Joey Hess
Steve downgraded this bug from RC to normal, but the fact is that
installing debsig-verify does seem to break the whole package
management system, at least when that system is used with the existing
Debian archive. Is there a reason not to consider this RC? Is there a
reason why shipping debsig-verify in stable/testing adds any benefit
over excluding it from those distributions? Note that there is nothing
in the package description to warn what its effects will be when
installed.

-- 
see shy jo




Bug#311843: severity?

2006-01-16 Thread Ben Collins
On Mon, 2006-01-16 at 19:36 -0500, Joey Hess wrote:
> Steve downgraded this bug from RC to normal, but the fact is that
> installing debsig-verify does seem to break the whole package
> management system, at least when that system is used with the existing
> Debian archive. Is there a reason not to consider this RC? Is there a
> reason why shipping debsig-verify in stable/testing adds any benefit
> over excluding it from those distributions? Note that there is nothing
> in the package description to warn what its effects will be when
> installed.


I think the bug is aimed at the wrong package. Nothing debsig-verify
does can fix this.

If we don't have the infrastructure, then apt/dpkg/whatever need to not
use the feature by default.

Assuming someone wants to use this feature, one would assume they are
setting up their own package infrastructure, and one would assume that
they also are doing a lot to configure this. Enabling apt/dpkg to use it
is minor compared to the rest of the work. Why is it enabled by default?



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Bug#311843: severity?

2006-12-22 Thread Thomas Hühn

Hi

I just fell into the very same trap.

I suggest you do the following:

a) make crystal clear in the package's description (as shown by aptitude)
that this has nothing to do with secure-apt.


"This tool inspects and verifies package signatures based on predetermined 
policies." sounds just like "use this if you want packages verified".


b) ensure that installing the package doesn't break the whole package system

If this is a problem of dpkg, fine, but please do something about it.

It's really confusing.

Especially if debsig-verify is just one of a lot of packages to be 
installed, the installation fails from some point on and you get many many 
error messages. At first I wasn't even sure which package needed to be 
uninstalled. debsig-verify? dpkg-sig? (I think there was another one that 
seemed to have something to do with package signing)


Thomas





Bug#311843: Severity of #311843 is critical

2007-11-03 Thread José Luis González
severity 311843 critical
thanks

Whether the problem originates from dpkg is irrelevant.  Installation
of this package makes unrelated software on the system (or the whole
system) break, which makes this bug release critical.

If the maintainer believes dpkg should not be using debsig-verify by
default I suggest that he files another bug against that package.  If
he thinks resolving the bug against dpkg fixes this bug I suggest that
he merges both reports.


