Bug#756477: devscripts: please lower debian-keyring to Suggests
Martin-Éric Racine
martin-eric.racine at iki.fi
Fri Aug 1 19:53:26 UTC 2014
2014-08-01 22:44 GMT+03:00 Jakub Wilk <jwilk at debian.org>:
> [IANA devscripts maintainer, and I'm not opposed to the downgrade you
> proposed. Just wanted to bring forward some ideas.]
>
> * Martin-Éric Racine <martin-eric.racine at iki.fi>, 2014-07-30, 11:24:
>>
>> The Recommends on debian-keyring pulls a significantly huge tarball. This
>> fills precious disk space without any immediate benefit since Debian's GPG
>> does not include its content by default anyhow.
>
>
> There *is* an immediate benefit: dscverify(1), who-uploads(1) and
> who-permits-uploads(1) use the Debian keyrings by default.
Noted.
> Now, this is true that debian-keyring is huge. Moreover, the vast majority
> of the space it takes are signatures, which aren't used by any on the
> devscripts tools.
>
> One obvious optimization would be to have a debian-keyring-minimal package,
> identical to debian-keyring, but with the non-essential signatures stripped
> (--export-options export-minimal). I estimate that size of such a package
> would be about 5MB (instead of 47MB).
>
> And who-uploads(1) and who-permits-uploads(1) don't even need a keyring.
> They just need a mapping between key-ids and developers' names and emails. A
> file with this information should take more than 200K compressed, even if it
> included also data from removed-keys.gpg.
Both of these options sound a lot more sensible than recommending this
humongous 47MB package. :)
Martin-Éric
More information about the devscripts-devel
mailing list