debian-keyring is a rather heavyweight Recommends for ubuntu-dev-tools, perhaps demote to Suggests?
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-dev-tools (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
debian-keyring was promoted from a Suggests to a Recommends as a result of a user report in bug 717245.
However, either behaviours of tools have changed since then, or there was confusion between errors and warnings - if I use pull-debian-source without having debian-keyring installed on raring, the only downside is a couple of minor warning messages printed:
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./squashfs-
but the package is unpacked successfully.
debian-keyring is a huge package (42MB .deb) compared to ubuntu-dev-tools (157K .deb), so I'd suggest that it be demoted to a Suggests again, given the only purpose is to enable an optional feature.
This is of course a somewhat a matter of opinion, so feel free to Won't Fix if you don't agree.
Arguably cryptographic verification isn't an optional feature.
I'd be happy to lower this to Suggests, if we printed an explanation in pull-debian-source, when the keyring isn't available