|
|
|
|
|
|
by upofadown
395 days ago
|
|
|
Debian does a lot of patching that is not strictly required for distribution reasons. Here are the GnuPG patches for example: * https://udd.debian.org/patches.cgi?src=gnupg2&version=2.4.7-... There is a lot of political stuff in there related to standards. For a specific example see: * https://sources.debian.org/src/gnupg2/2.4.7-19/debian/patche... The upstream GnuPG project (and the standards faction they belong to) specifically opposes the use of keys without user IDs as it is a potential security issue. It is also specifically disallowed by the RFC4880 OpenPGP standard. By working through the Debian process, the proponents of such keys are bypassing the position of the upstream project and the standard. |
|
|
To be fair, in Debian's case politics come with the territory. Debian is a vision of what an OS should be like. With policies, standards & guidelines aimed at that, treating the OS as a whole.
That goes well beyond "gather packages, glue together & upload".
Same goes for other distributions I suppose (some more, some less).