security/password-store GnuPG dependency

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

security/password-store GnuPG dependency

Bernd S.
Hello,

password-store itself lists GnuPG 2 as a dependency [1], but the package
and port install GnuPG 1.4.21 (classic), I reckon that both are compatible
with password-store and each other.

But is there a specific reason for it to install gpg classic even when
gpg2 is already installed? Or even for gpg classic being the default,
instead of gpg2?

[1] https://git.zx2c4.com/password-store/tree/README
Reply | Threaded
Open this post in threaded view
|

Re: security/password-store GnuPG dependency

Antoine Jacoutot-7
On Fri, Aug 18, 2017 at 11:29:54AM -0400, Bernd S. wrote:

> Hello,
>
> password-store itself lists GnuPG 2 as a dependency [1], but the package
> and port install GnuPG 1.4.21 (classic), I reckon that both are compatible
> with password-store and each other.
>
> But is there a specific reason for it to install gpg classic even when
> gpg2 is already installed? Or even for gpg classic being the default,
> instead of gpg2?
>
> [1] https://git.zx2c4.com/password-store/tree/README

Since the README explicitely states gnupg2, I think we should go for this, even
if gnupg1 is compatible, to prevent surprises in the future.
OK?

Index: Makefile
===================================================================
RCS file: /cvs/ports/security/password-store/Makefile,v
retrieving revision 1.3
diff -u -p -r1.3 Makefile
--- Makefile 7 Mar 2017 08:53:17 -0000 1.3
+++ Makefile 19 Aug 2017 10:14:31 -0000
@@ -3,6 +3,8 @@
 COMMENT = simple password store
 
 DISTNAME = password-store-1.7
+REVISION = 0
+
 CATEGORIES = security
 
 HOMEPAGE = http://www.passwordstore.org/
@@ -19,7 +21,7 @@ RUN_DEPENDS = converters/base64 \
  devel/git \
  graphics/libqrencode \
  misc/gnugetopt \
- security/gnupg \
+ security/gnupg2 \
  shells/bash \
  sysutils/colortree \
  x11/xclip

>

--
Antoine

Reply | Threaded
Open this post in threaded view
|

Re: security/password-store GnuPG dependency

Jeremie Courreges-Anglas-2
On Sat, Aug 19 2017, Antoine Jacoutot <[hidden email]> wrote:

> On Fri, Aug 18, 2017 at 11:29:54AM -0400, Bernd S. wrote:
>> Hello,
>>
>> password-store itself lists GnuPG 2 as a dependency [1], but the package
>> and port install GnuPG 1.4.21 (classic), I reckon that both are compatible
>> with password-store and each other.
>>
>> But is there a specific reason for it to install gpg classic even when
>> gpg2 is already installed? Or even for gpg classic being the default,
>> instead of gpg2?
>>
>> [1] https://git.zx2c4.com/password-store/tree/README
>
> Since the README explicitely states gnupg2, I think we should go for this, even
> if gnupg1 is compatible, to prevent surprises in the future.
> OK?

yup

> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/security/password-store/Makefile,v
> retrieving revision 1.3
> diff -u -p -r1.3 Makefile
> --- Makefile 7 Mar 2017 08:53:17 -0000 1.3
> +++ Makefile 19 Aug 2017 10:14:31 -0000
> @@ -3,6 +3,8 @@
>  COMMENT = simple password store
>  
>  DISTNAME = password-store-1.7
> +REVISION = 0
> +
>  CATEGORIES = security
>  
>  HOMEPAGE = http://www.passwordstore.org/
> @@ -19,7 +21,7 @@ RUN_DEPENDS = converters/base64 \
>   devel/git \
>   graphics/libqrencode \
>   misc/gnugetopt \
> - security/gnupg \
> + security/gnupg2 \
>   shells/bash \
>   sysutils/colortree \
>   x11/xclip
>
>>

--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Reply | Threaded
Open this post in threaded view
|

Re: security/password-store GnuPG dependency

David Dahlberg-2
In reply to this post by Antoine Jacoutot-7


> Am 19.08.2017 um 12:16 schrieb Antoine Jacoutot <[hidden email]>:
>
> Since the README explicitely states gnupg2, I think we should go for this, even
> if gnupg1 is compatible, to prevent surprises in the future.
> OK?

Sure.
Gpg1 has somewhat lesser dependencies, but lacks default support for the gpg-agent, which significantly increases the usability of pass. Also considering recent periods of subtle incompatibilities between both versions, maybe it is about time to phase out gpg1 anyways.