Hi Nilesh
Am 02.07.21 um 14:51 schrieb Nilesh Patra:On 02/07/21 12:04 PM, Peymaneh Nejad wrote:Another dependency for step-cli: https://salsa.debian.org/go-team/packages/golang-mozilla-pkcs7There's already github.com/fullsailor/pkcs7 of which the go.mozilla package is a fork. Is it impossible to replace the go.mozilla pkcs7 with the former in the package?If yes, that should be done. I do not see a lot of point (or any point) in packagingforks unless very essential. As an example, it has been done here[1] so if you can do so, make some tweaks and check, that'd be good. If it does not work, maybe it'd be better to add missing functionalitites as a debian patch to github.com/fullsailor/pkcs7 provided it isn't too hard to maintain
I looked into the diffs between the fullsailor/pkcs7 and the mozilla fork since this is also a dependency of smallstep/certificates (another of caddys dependencies).
To sum up:4 of the 7 functions that are used have been modified directly or indirectly by the fork. A complete overview of the changes is here[1]
While some of the changes are rather easy to patch (like adding support for another en-/decryption mode while staying backwards compatible) there are some commits that change the functions themselves and I am not sure if I can grasp the implications of the changes to the functionality of the package.
Please have a look and let me know what you think One consideration:If rather patching the discrepencies into one single debian package, I wonder if it wouldn't be more sustainable to migrate other packages from the fullsailor package to the mozilla fork: It looks more actively maintained and feature rich. It also seems easier to patch if nessessary: The fullsailor consists mainly of one source file of 962 lineswhereas the mozilla fork splits the original code into designated files like sign.go, encrypt.go etc each less than 500 lines.
Peymaneh [1] https://salsa.debian.org/peymaneh/gsoc/-/issues/17
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature