Control: retitle 896846 RFP: node-compressjs -- fast pure-JavaScript compression/decompression algorithms
Control: unclaim 896846 dkg@fifthhorseman.net
Control: noowner 896846
Control: retitle 894753 RFP: node-asmcrypto -- JavaScript Cryptographic Library
Control: unclaim 894753 dkg@fifthhorseman.net
Control: noowner 894753
Control: retitle 894752 RFP: node-rusha -- high-performance pure-javascript SHA1 implementation
Control: unclaim 894752 dkg@fifthhorseman.net
Control: noowner 894752
Control: retitle 787774 RFP: node-openpgp -- OpenPGP JavaScript Implementation (OpenPGP.js)
Control: unclaim 787774 dkg@fifthhorseman.net
Control: noowner 787774
I have tried to package OpenPGP.js for debian, but i don't think i have
the capacity to do it responsibly, so i'm releasing these tickets in the
hope that someone else with more stamina (or more
confidence/understanding of the node/npm ecosystem) can take the process
over.
I still want OpenPGP.js in debian, but i won't be the one maintaining it
in its current form. I would be very grateful to anyone who steps up to
this task.
What i've found in trying to package it is that each attempt to package
turns up several additional missing dependencies, and this process is
recursive. Including the packages necessary to actually build each
package from source (rather than just redistributing the blobs) and run
the package's unit tests adds even more dependencies. (i'm basing this
understanding on the output of npm2deb more than anything else -- if
that tool is incorrect, i'd love to hear more about it!)
i don't currently have the time to maintain dozens of new node packages,
unfortunately.
Furthermore, it seems that OpenPGP.js uses some slight variants of other
packages. for example, it uses a variant of compressjs that builds a
deployable version of bzip2, rather than either making that deployable
version as part of the openpgpjs build process, or getting that change
upstreamed into compressjs. in another example, the 3.0.x branch of
OpenPGP.js uses git master of https://github.com/indutny/elliptic,
rather than relying on a released version.
There are several tools that depend on OpenPGP.js that would be really
good to have in debian, and in general having another implementation of
OpenPGP built with the attention to software freedom, distributability,
and reproducibility that are the hallmarks of debian would be healthy
for the OpenPGP ecosystem. So i hope someone else can pick up this
packaging work. If you're interested and have questions about it, i'm
happy to try to consult with you, but i can't do it myself.
Many thanks to the folks on #debian-js who helped me understand just how
far over my head i'd need to go!
--dkg
Attachment:
signature.asc
Description: PGP signature