On 17/12/14 11:28, Ido Rosen wrote:
We seem to be in agreement: 2.1.x is not yet in the set of upstream
*stable* releases, but 2.0.x is in that set.
Not really. You missed the "as close to current".
Therefore, Arch should follow 2.0.x until upstream has marked 2.1.x as
stable. Someone made a mistake in upgrading to 2.1, so let's correct
the mistake by downgrading back until it's safe, rather than leaving
all of Arch's users at great security risk. Let's not forget that
gnupg underlies all of Arch's security/integrity (i.e. pacman db and
pkg signing) - it's how our users know that Arch is Alice-rch and not
Eve-rch. IMO, downgrading is the responsible, smart (not stupid) thing
to do, and let's not forget the last "S" in K.I.S.S... :-)
The usual practice is to wait until there is a first point release that
catches the most glaring bugs, see for example how the kernel and the
main desktop environments are updated. The first point release was
yesterday (2014-12-16) and it is already in testing. This transition
would have occurred sooner or later because the benefits outweigh the
cost of moving to the newer version---e,g., the ability to use
elliptical curve keys---, but it would've been reasonable to wait for
this first point release.
I donated, but I do not see your name on the donation list? [0]
Do not stoop to personal attacks. Thank you.
Besides that, I never make public my acts of charity. Have you read
Matthew 6:3? Even good atheists practice it.
--
Pedro Alejandro López-Valencia
http://about.me/palopezv/
Every nation gets the government it deserves. -- Joseph de Maistre
