Control: retitle 896846 RFP: node-compressjs -- fast pure-JavaScript compression/decompression algorithms Control: unclaim 896846 d...@fifthhorseman.net Control: noowner 896846 Control: retitle 894753 RFP: node-asmcrypto -- JavaScript Cryptographic Library Control: unclaim 894753 d...@fifthhorseman.net Control: noowner 894753 Control: retitle 894752 RFP: node-rusha -- high-performance pure-javascript SHA1 implementation Control: unclaim 894752 d...@fifthhorseman.net Control: noowner 894752 Control: retitle 787774 RFP: node-openpgp -- OpenPGP JavaScript Implementation (OpenPGP.js) Control: unclaim 787774 d...@fifthhorseman.net Control: noowner 787774
I have tried to package OpenPGP.js for debian, but i don't think i have the capacity to do it responsibly, so i'm releasing these tickets in the hope that someone else with more stamina (or more confidence/understanding of the node/npm ecosystem) can take the process over. I still want OpenPGP.js in debian, but i won't be the one maintaining it in its current form. I would be very grateful to anyone who steps up to this task. What i've found in trying to package it is that each attempt to package turns up several additional missing dependencies, and this process is recursive. Including the packages necessary to actually build each package from source (rather than just redistributing the blobs) and run the package's unit tests adds even more dependencies. (i'm basing this understanding on the output of npm2deb more than anything else -- if that tool is incorrect, i'd love to hear more about it!) i don't currently have the time to maintain dozens of new node packages, unfortunately. Furthermore, it seems that OpenPGP.js uses some slight variants of other packages. for example, it uses a variant of compressjs that builds a deployable version of bzip2, rather than either making that deployable version as part of the openpgpjs build process, or getting that change upstreamed into compressjs. in another example, the 3.0.x branch of OpenPGP.js uses git master of https://github.com/indutny/elliptic, rather than relying on a released version. There are several tools that depend on OpenPGP.js that would be really good to have in debian, and in general having another implementation of OpenPGP built with the attention to software freedom, distributability, and reproducibility that are the hallmarks of debian would be healthy for the OpenPGP ecosystem. So i hope someone else can pick up this packaging work. If you're interested and have questions about it, i'm happy to try to consult with you, but i can't do it myself. Many thanks to the folks on #debian-js who helped me understand just how far over my head i'd need to go! --dkg
signature.asc
Description: PGP signature
