Main Inclusion Report for sourcepackage

Requirements

1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/g/gnupg2/, available for all supported architectures

2. Rationale:

   • Build dependency of kdepim for S/MIME support

3. Security:

   • 1 CVE entry http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082, more for gnupg 1

   • No Secunia history (although gnupg 1 has a fair number http://secunia.com/search/?search=gnupg)

   • Currently installs suid root, but that should not be necessary since kernel 2.6.8 (mlock()).
   • Does not open any port.

4. Quality assurance:

   • Package works out of the box without configuration.
   • Package does not ask any debconf questions higher than priority 'normal'.
   • No showstopper Debian bugs.
   • Good maintenance in Debian (smurf!).
   • Active upstream, "I consider gpgsm and gpg-agent as stable."
   • Does not deal with exotic hardware which we cannot support.
   • Was in main for Hoary

5. Standards compliance:

   • Meets the FHS, Debian Policy

   • Standard debhelper packaging, standard patch system.

6. Dependencies:

   • All in main.

Reviewers

MartinPitt: will be approved after suid-root is dropped.