debian-keyring is a rather heavyweight Recommends for ubuntu-dev-tools, perhaps demote to Suggests?
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| ubuntu-dev-tools (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
debian-keyring was promoted from a Suggests to a Recommends as a result of a user report in bug 717245.
However, either behaviours of tools have changed since then, or there was confusion between errors and warnings - if I use pull-debian-source without having debian-keyring installed on raring, the only downside is a couple of minor warning messages printed:
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./squashfs-
but the package is unpacked successfully.
debian-keyring is a huge package (42MB .deb) compared to ubuntu-dev-tools (157K .deb), so I'd suggest that it be demoted to a Suggests again, given the only purpose is to enable an optional feature.
This is of course a somewhat a matter of opinion, so feel free to Won't Fix if you don't agree.
| Stefano Rivera (stefanor) wrote | #1 |
| Benjamin Drung (bdrung) wrote | #2 |
| Dan Streetman (ddstreet) wrote | #3 |
| Changed in ubuntu-dev-tools (Ubuntu): | |
| status: | New → Won't Fix |
Arguably cryptographic verification isn't an optional feature.
I'd be happy to lower this to Suggests, if we printed an explanation in pull-debian-source, when the keyring isn't available