hi patrick and other enigmail folks-- modern enigmail (2.0+) includes a copy of openpgp.js. It does not appear to be built from source, but is instead a straight copy of a generated block of javascript from the OpenPGP.js git repo (the node/javascript community appears to have a common pattern of committing their post-compilation artifacts).
Debian requires code to be built from the preferred form of modification, so this blob isn't really appropriate in debian. The obvious fix ("plan A", as it were) would be to build OpenPGP.js from source in debian, and then make enigmail depend on that. however, i've had a very difficult time getting that to happen cleanly. the dependency trees in that ecosystem are quite deep, and i don't have the bandwidth to package (and retain responsible maintainership for) the dozen (or moreā½) node/javascript packages i would need to add to debian in order to get OpenPGP.js packaged for debian. So i'm leaning toward plan B, which is to remove OpenPGP.js from enigmail when shipped with debian, and to figure out how to minimize the harm/damage. One advantage we have in this context is that in debian we can explicitly set hard dependencies on versions of GnuPG. so if we need a feature only available in GnuPG 2.2.3 or later, we can just make that dependency explicit. If anyone has a proposal for other ways to deal with this, or an argument why this is a problematic approach, i would be happy to hear it. I would also welcome any help in packaging OpenPGP.js for debian, if anyone is interested in doing so. I just wanted to give folks a heads-up of where i'm at in this frustrating process; to apologize for the delay in dealing with this; and to solicit any constructive feedback i can get. Regards, --dkg
signature.asc
Description: PGP signature
_______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net