gpg4win-vanilla and gpg4win-light still maintained by upstream.
This is no more the case unfortunately.
gpg4win-vanilla and gpg4win-light have been left on the now outdated and not maintained 2.0 gpg branch. These packages have not been updated for more than a year and are potentially putting users of these at risk. From now on, gpg4win will be the only package still maintained by upstream (on the 2.2 gpg branch).
Update gpg4win-vanilla and gpg4win-light to make them a dummy package depending on gpg4win. That way, all users of these outdated (lighter) packages will be upgraded to the current branch (2.2) of gpg4win, more secure and maintained.
The current gpg4win package is significantly lighter than what it was previously (claws mail has been removed for example).
If I get some sort of quorum/acceptance from some of you, I'll update these two packages in the days to come according to the description of this possible solution. What do you think? Any concerns here?
N/A
N/A
N/A
Why not this:
https://www.gnupg.org/download/index.html
Link: https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.7_20180502.exe
IMO we should make new gnupg package from above and keep all as it is. Note could be added on the existing packages that there are alternatives and security issues etc.
I agree that the gpg4win-* packages should be left as the current version, making them dummy packages would not be correct in this regard IMO.
What could be done though, is to update the packages and output a warning to users installing the package (just mentioning that it isn't supported anymore).
BTW, there already exist a gnupg package (well, the modern edition anyhow): https://chocolatey.org/packages/gnupg-modern
BTW, there already exist a gnupg package (well, the modern edition anyhow): https://chocolatey.org/packages/gnupg-modern
Yeah, this one is current. IMO it should be migrated here and made embedded. @wget, are you up for things we decided here, namely:
gnupg-modern here, IMO name should be changed to gnupg@majkinetor Ok. Understood. What kind of warning should I write? How am I supposed to write it? Simply with Write-Host or do you have any other Chocolatey PS helper across that cmdlet formatting the output as error or warning content?
How should I handle the gnupg-modern to gnupg dependency? Simply make gnupg-modern a dummy package depending on the new to be created gnupg.?
Write-Warning
Yes
Gnupg-modern should be migrated here, PR-ed there (its AU automatic).
@jtcmedia would you be interested in having the gnupg-modern package migrated to this repository?
Ya, no problem. I don't have time to do it myself at the moment so if someone else wants to fork and PR with changes suggested by @majkinetor, I'll remove it from my repo.
@AdmiringWorm @jtcmedia Done.
I'll now add the long awaited warning to the other outdated GPG4win packages.
Most helpful comment
@AdmiringWorm @jtcmedia Done.
I'll now add the long awaited warning to the other outdated GPG4win packages.