[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: gnupload and gpg2
From: |
Jim Meyering |
Subject: |
Re: gnupload and gpg2 |
Date: |
Sat, 19 May 2018 16:44:50 -0700 |
On Sat, May 19, 2018 at 4:14 PM, Bruno Haible <address@hidden> wrote:
> Hi Jim,
>
>> The only thing I would have done differently would be to add
>> "FIXME-2020" or similar to your comment
>
> Why 2020? I wrote:
>
> Ubuntu 2016.04 (which is supported until April 2021,
> that is, 3 years from now), has `gpg --version` = 1.x.
>
> So, if it's supported until April 2021, you can assume some users will use
> it until 2025. In order to not gratuitously hurt these users, I would suggest
> keep this code until at least 2025.
Hi Bruno,
This is a tool by which one uploads signed tarballs to (usually) GNU
servers, presumably for mass distribution. As such, I think we are
justified in holding packagers/uploaders to a higher standard. At the
very least, we should feel justified in expecting that an uploader run
on a reasonably secure system: i.e., one that is still being
maintained.
That said, you're welcome to change the comment however you'd like.
Thanks for all your help,
Jim