Discussion:
Processed: release-notes: clarify and document GnuPG transition for stretch
Debian Bug Tracking System
2017-04-18 19:20:01 UTC
affects -1 src:gnupg2
Bug #860571 [release-notes] release-notes: clarify and document GnuPG transition for stretch
Added indication that 860571 affects src:gnupg2
--
860571: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860571
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Joost van Baal-Ilić
2017-04-19 03:20:01 UTC
Maybe add something like:

"The upgrade to "modern" GnuPG has been made as smooth as possible by offering
migration scripts. However, beware: The upgrade comes with some subtle
differences in GnuPG's interface. See /usr/share/doc/gnupg/README.Debian for
more information."

Rationale: I'm thinking of e.g. 'all access to secret key material is handled
by gpg-agent'.

Thanks for your patch!

Bye,

Joost
Package: release-notes
Severity: normal
Tags: patch
Control: affects -1 src:gnupg2
The GnuPG transition from jessie to stretch is a significant change.
We should document it in the release notes.
Attached is a proposed patch.
Regards,
--dkg
Debian Release: 9.0
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
From a743629071b6d138df19fef102a4b7c09b20fa81 Mon Sep 17 00:00:00 2001
Date: Tue, 18 Apr 2017 15:07:53 -0400
Subject: [PATCH] Clarify and document GnuPG transition
---
en/whats-new.dbk | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/en/whats-new.dbk b/en/whats-new.dbk
index 0d6dcb7d..e91aad00 100644
--- a/en/whats-new.dbk
+++ b/en/whats-new.dbk
</row>
-->
<row id="new-gnupg">
- <entry>Gnupg<indexterm><primary>Gnupg</primary></indexterm></entry>
- <entry>2.0</entry>
+ <entry>GnuPG<indexterm><primary>GnuPG</primary></indexterm></entry>
+ <entry>1.4</entry>
<entry>2.1</entry>
</row>
<row id="new-inkscape">
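Review bot: the previous-release column in the new-gnupg row changes from 2.0 to 1.4 without any explanation, since the commit message carries only a subject line. A sentence in the commit message saying that the row now tracks the version shipped in the gnupg package, in line with the new section's statement that stretch is the first release with the modern branch in that package, would let someone reading the history see why the value changed instead of guessing.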
@@ -471,6 +471,24 @@ so are still included there.
</para>
</section>
+<section id="modern-gnupg">
+ <title>Move to "Modern" GnuPG</title>
+ <para>
+ The stretch release is the first version of Debian to feature the
+ "Modern" branch of GnuPG in the <systemitem
+ role="package">gnupg</systemitem> package. This brings with it
+ elliptic curve cryptography, better defaults, a more modular
+ architecture, and improved smartcard support. The modern branch
+ also explicitly does not support some older, known-broken formats
+ (like PGPv3).
+ </para>
+ <para>
+ We will continue to supply the "classic" branch of GnuPG as
+ <systemitem role="package">gnupg1</systemitem> for people who need
+ it, but it is now deprecated.
+ </para>
+</section>
+
<section id="debug-archive">
<!-- jessie to stretch -->
<title>A new archive for debug symbols</title>
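Review bot: the new modern-gnupg section tells readers that some older formats (like PGPv3) are no longer supported and that gnupg1 is deprecated, but gives them nowhere to read further. Consider ending the first <para> with a pointer to the package documentation, for example "See /usr/share/doc/gnupg/README.Debian for more information." Two smaller points: the section lacks the <!-- jessie to stretch --> marker that the following debug-archive section carries, and the straight double quotes around "Modern" and "classic" could be DocBook <quote> elements.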
--
2.11.0
Daniel Kahn Gillmor
2017-04-19 13:00:03 UTC
Post by Joost van Baal-Ilić
"The upgrade to "modern" GnuPG has been made as smooth as possible by offering
migration scripts.
Actually, i consider the one migration script that we offer
(migrate-pubring-from-classic-gpg) to be the least smooth part of the
process. The most smooth part of the process has been the work upstream
to make the upgraded gpg Just Work. I don't think that drawing
attention to the migration script (which shouldn't be necessary for most
people) in the release notes is a great idea.
Post by Joost van Baal-Ilić
However, beware: The upgrade comes with some subtle differences in
GnuPG's interface.
I think this bit might just be alarmism, and i'm not sure whether we
gain anything by it. Any major version upgrade of anything comes with
some subtle differences, no?
Post by Joost van Baal-Ilić
See /usr/share/doc/gnupg/README.Debian for more information."
I'd be fine with adding this sentence to the end of the first
paragraph if people think that would be useful.
Post by Joost van Baal-Ilić
Rationale: I'm thinking of e.g. 'all access to secret key material is handled
by gpg-agent'.
sure. Also, all network access is handled by dirmngr. and smartcard
access is handled by scdaemon. and there are new and better primitives
for automation. and we have upstream-supported python-bindings for
libgpgme. and a lot of other changes :)

but we want to keep the release notes short, right? if they're not
short, no one will read them, in which case we might as well not write
them in the first place, since (as you point out) all of these details
are surely shipped in various README.Debian and NEWS files already
anyway.

--dkg
Joost van Baal-Ilić
2017-04-19 15:10:03 UTC
Post by Daniel Kahn Gillmor
Post by Joost van Baal-Ilić
"The upgrade to "modern" GnuPG has been made as smooth as possible by offering
migration scripts.
Actually, i consider the one migration script that we offer
(migrate-pubring-from-classic-gpg) to be the least smooth part of the
process. The most smooth part of the process has been the work upstream
to make the upgraded gpg Just Work. I don't think that drawing
attention to the migration script (which shouldn't be necessary for most
people) in the release notes is a great idea.
Post by Joost van Baal-Ilić
However, beware: The upgrade comes with some subtle differences in
GnuPG's interface.
I think this bit might just be alarmism, and i'm not sure whether we
gain anything by it. Any major version upgrade of anything comes with
some subtle differences, no?
Post by Joost van Baal-Ilić
See /usr/share/doc/gnupg/README.Debian for more information."
I'd be fine with adding this sentence to the end of the first
paragraph if people think that would be useful.
Post by Joost van Baal-Ilić
Rationale: I'm thinking of e.g. 'all access to secret key material is handled
by gpg-agent'.
sure. Also, all network access is handled by dirmngr. and smartcard
access is handled by scdaemon. and there are new and better primitives
for automation. and we have upstream-supported python-bindings for
libgpgme. and a lot of other changes :)
but we want to keep the release notes short, right? if they're not
short, no one will read them, in which case we might as well not write
them in the first place, since (as you point out) all of these details
are surely shipped in various README.Debian and NEWS files already
anyway.
You have a point. Let's add "See /usr/share/doc/gnupg/README.Debian for more
information." to the end of the first paragraph and be done with it. I _might_
have time (and the needed access, iirc) to do that myself one of those days.

Thanks for your reply, Bye,

Joost
Debian Bug Tracking System
2017-04-28 08:40:04 UTC
Your message dated Fri, 28 Apr 2017 08:34:00 +0000
with message-id <bf959f44-1b33-3137-6101-***@thykier.net>
and subject line Re: Bug#860571: [PATCH] Clarify and document GnuPG transition
has caused the Debian Bug report #860571,
regarding release-notes: clarify and document GnuPG transition for stretch
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ***@bugs.debian.org
immediately.)