hi patrick and other enigmail folks-- modern enigmail (2.0+) includes a copy of openpgp.js. It does not appear to be built from source, but is instead a straight copy of a generated block of javascript from the OpenPGP.js git repo (the node/javascript community appears to have a common pattern of committing their post-compilation artifacts).
Debian requires code to be built from the preferred form of
modification, so this blob isn't really appropriate in debian.
The obvious fix ("plan A", as it were) would be to build OpenPGP.js from
source in debian, and then make enigmail depend on that. however, i've
had a very difficult time getting that to happen cleanly. the
dependency trees in that ecosystem are quite deep, and i don't have the
bandwidth to package (and retain responsible maintainership for) the
dozen (or moreā½) node/javascript packages i would need to add to debian
in order to get OpenPGP.js packaged for debian.
So i'm leaning toward plan B, which is to remove OpenPGP.js from
enigmail when shipped with debian, and to figure out how to minimize the
harm/damage.
One advantage we have in this context is that in debian we can
explicitly set hard dependencies on versions of GnuPG. so if we need a
feature only available in GnuPG 2.2.3 or later, we can just make that
dependency explicit.
If anyone has a proposal for other ways to deal with this, or an
argument why this is a problematic approach, i would be happy to hear
it. I would also welcome any help in packaging OpenPGP.js for debian,
if anyone is interested in doing so.
I just wanted to give folks a heads-up of where i'm at in this
frustrating process; to apologize for the delay in dealing with this;
and to solicit any constructive feedback i can get.
Regards,
--dkg
signature.asc
Description: PGP signature
_______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
