This package[1] provides a builddependency for caddy: github.com/smallstep/cli/crypto/x509utilsInitially I wanted to package the whole project, including its binary step-cli that seems to be a very useful tool to me. I revisited my plans and would propose to only package the library that is needed for caddy. As of now, it excludes any sourcecode not needed for providing github.com/smallstep/cli/crypto/x509utils to keep the dependences simple
my reasoning is that the binary pulls a lot of dependencies that are forks by the smallstep developers of other packages to suite the developers needs (See my last RFS on this ML). A complete overview is here[1].
Nilesh already wrote sometimes that they'd rather not upload forks if avoidable. An alternative would be to apply all the patches needed for building step-cli. . I skimmed through the source code and to me it seems that patching the original packages could break the intended functionality of several of the packages like zmap/zcrypto. I also fear that my novice programming skills together with my tight schedule are not the best situation for mangling around with code that is intended for verification and linting of TLS certificates.
mejo also approves of going for the first option. Please let me know what you think. If you approve, there would be two other questions:* right now, the package description explains that the package only provides this one library, do you think it would be appropriate to add a README file or something explaining this explicitly?
* for a source-only package golang-github-thomasrooney-gexpect (New queue) would not be needed anymore, I would then cancel the upload? Peymaneh [1] https://salsa.debian.org/go-team/packages/golang-github-smallstep-cli [2] https://salsa.debian.org/peymaneh/gsoc/-/issues/3
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature