#754120 RFP: python-gnupg-ng -- A Python wrapper for GnuPG

#754120#5
Date:
2014-07-07 17:56:55 UTC
From:
To:
* Package name    : python-gnupg-ng
  Version         : 1.2.6
  Upstream Author : Isis Lovecruft <isis@leap.se>
* URL             : https://github.com/isislovecruft/python-gnupg
* License         : GPL
  Programming Lang: Python
  Description     : A Python wrapper for GnuPG

A Python interface for handling interactions with GnuPG, including
keyfile generation, keyring maintenance, import and export, encryption
and decryption, sending to and receiving from keyservers, and signing
and verification.

This is a fork of python-gnupg (from version 0.3.2), patched to
sanitize untrusted inputs, due to the necessity of executing
subprocess.Popen([...], shell=True) in order to communicate with GnuPG.
Several speed improvements were also made based on code profiling, and
the API has been cleaned up to support an easier, more Pythonic,
interaction.

#754120#8
Date:
2014-07-07 20:38:16 UTC
From:
To:
Hi,

Ben Carrillo <ben@futeisha.org> writes:

Why exactly should shell=True be necessary?

Ansgar

#754120#13
Date:
2014-07-07 22:15:21 UTC
From:
To:
The upstream version claims to still be called python-gnupg. There is a
python-gnupg package that hasn't been updated since 2014.

How does this package fit in with the existing python-gnupg package?

Thanks,
Iain.

#754120#18
Date:
2014-08-14 21:12:03 UTC
From:
To:
It turns out that shell=True (basically what started the fork) is not
needed now. Vinay changed it in the latest release of the "original"
python gnupg, which came after a bunch of CVEs and some comments in this
thread as a result of python-gnupg-ng:
http://seclists.org/oss-sec/2014/q1/303

The original reason for doing shell=True is/was commented on
python-gnupg (original) code: without that, it didn't work in Windows.

So while it is true that shell=True is not needed, python-gnupg-ng has
other advantages: it's more community-based (it has a bugtracker and
public repo, to begin with), the code has diverged from the original a
bit in adding various gnupg functionality to the module, re-reading of
the original having security and documentation in mind and improving
the overall code quality.

I'd argue that including this in Debian is a win because this one has:

 * Better gnupg options parsing
 * Better code structure.
 * Better documentation.
 * Open repo and bugtracker.

Also - we have a package ready to upload for it.
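
Added example, not part of this bug thread and not code from python-gnupg or python-gnupg-ng: it shows why the `shell=True` call discussed above forces input sanitization, by comparing what a child process receives in shell-string form and in list form. It assumes a POSIX `/bin/sh`; the child script stands in for the gpg binary, and the `--recipient` value, allowlist pattern and function names are hypothetical.

```python
import json
import re
import shlex
import subprocess
import sys

# Stand-in for the gpg binary so this runs offline: a child that reports
# the argument vector it actually received (constructed for this example).
CHILD = "import sys, json; print(json.dumps(sys.argv[1:]))"

# Hypothetical allowlist for a recipient: an e-mail address or a hex key ID.
SAFE_RECIPIENT = re.compile(
    r"[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+|(?:0x)?[0-9A-Fa-f]{8,40}")


def run_with_shell(recipient):
    """shell=True form: one string that /bin/sh parses before the child runs."""
    cmd = (f"{shlex.quote(sys.executable)} -c {shlex.quote(CHILD)} "
           f"--recipient {recipient}")
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout
    return out.splitlines()


def run_with_argv(recipient):
    """List form, shell=False: each element reaches the child as one argument."""
    argv = [sys.executable, "-c", CHILD, "--recipient", recipient]
    out = subprocess.run(argv, capture_output=True, text=True, check=True).stdout
    return json.loads(out)


def check_recipient(recipient):
    """Reject values that could be read as an option or that fail the allowlist."""
    if recipient.startswith("-") or not SAFE_RECIPIENT.fullmatch(recipient):
        raise ValueError(f"rejected recipient: {recipient!r}")
    return recipient


if __name__ == "__main__":
    hostile = "alice@example.org; echo INJECTED"  # constructed sample input
    print(run_with_shell(hostile))  # the shell splits on ';' and runs a second command
    print(run_with_argv(hostile))   # the child sees the whole string as one argument
    try:
        check_recipient("--output=/tmp/x")  # option-shaped value, constructed
    except ValueError as exc:
        print(exc)
```

The list form removes the shell from the path but not option injection, which is why the validation step is still applied to any value placed on the command line.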

#754120#23
Date:
2014-08-16 23:33:34 UTC
From:
To:
Hi,

micah anderson wrote (14 Aug 2014 21:12:03 GMT) :

Where can I find this package?

Cheers,
--
intrigeri

#754120#28
Date:
2014-08-17 15:50:21 UTC
From:
To:
intrigeri <intrigeri@debian.org> writes:

It is available at:

deb http://deb.leap.se/debian sid main

as well as the git repository:

git clone https://leap.se/git/python_gnupg-ng.git

#754120#33
Date:
2014-08-19 17:40:11 UTC
From:
To:
It will be nice if python-gnupg-ng enters Debian. Besides my personal trust in
the skills of the fork's maintainer, and her criteria on the need to rework its
security, the fact that the fork has an open, active community I think fits
better the Debian way.

Is there any blocker for it?

#754120#38
Date:
2014-08-29 03:09:03 UTC
From:
To:
For the record, this package is now in NEW:

https://ftp-master.debian.org/new/python-gnupg-ng_1.3.1-1.html

I also support the inclusion of this package in the archive.

A.

#754120#43
Date:
2014-08-29 03:46:37 UTC
From:
To:
Note that upstream is considering a rename:

https://github.com/isislovecruft/python-gnupg/issues/47

#754120#48
Date:
2015-12-27 12:17:00 UTC
From:
To:
retitle 754120 RFP: python-gnupg-ng -- A Python wrapper for GnuPG
noowner 754120
tag 754120 - pending
thanks

Hi,

A long time ago, you expressed interest in packaging python-gnupg-ng. Unfortunately,
it seems that it did not happen. In Debian, we try not to keep ITP bugs open
for too long a time, as it might cause other prospective maintainers to
refrain from packaging the software.

This is an automatic email to change the status of python-gnupg-ng from ITP
(Intent to Package) to RFP (Request for Package), because this bug hasn't seen
any activity during the last 12 months.

If you are still interested in packaging python-gnupg-ng, please send a mail to
<control@bugs.debian.org> with:

 retitle 754120 ITP: python-gnupg-ng -- A Python wrapper for GnuPG
 owner 754120 !
 thanks

It is also a good idea to document your progress on this ITP from time to
time, by mailing <754120@bugs.debian.org>.  If you need guidance on how to
package this software, please reply to this email, and/or contact the
debian-mentors@lists.debian.org mailing list.

Thank you for your interest in Debian,

#754120#57
Date:
2022-07-03 22:32:30 UTC
From:
To:
The development of this package has stalled while the original has continued.
I am closing this because there are already enough python gnupg wrappers in Debian.