[Pkg-javascript-devel] Bug#841981: nodejs should recommend ca-certificates
Quoting Jérémy Lal (2016-10-25 01:49:01) > 2016-10-25 1:43 GMT+02:00 Daniel Lo Nigro : > > > Apart from that, is there a good reason to use Recommend instead of Depend > >> ? > > I'm not sure. wget and libcurl3-gnutls both "Recommend" rather than > > "Depend" on ca-certificates. I think it's because wget still mostly > > works without it, it's just TLS/SSL connections that fail. Node.js > > behaves the same way, all of Node.js works without ca-certificates > > except for TLS connections. > > > > > I'm leaning toward Depend, because upstream bundles certificates (and > the nodejs debian package patches upstream to use ca-certificates > instead), users expect the usual certificates independently of how > they installed nodejs. Some use-cases of nodejs does not involve network access, and therefore not TLS either. Example build environment. Bootstrapping a chroot with ca-certificates takes more time and diskspace than without it. The correct package relation to use if there are corner cases without need is Recommends:. - Jonsa -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
[Pkg-javascript-devel] Bug#841981: nodejs should recommend ca-certificates
2016-10-25 1:43 GMT+02:00 Daniel Lo Nigro : > Apart from that, is there a good reason to use Recommend instead of Depend >> ? > > > I'm not sure. wget and libcurl3-gnutls both "Recommend" rather than > "Depend" on ca-certificates. I think it's because wget still mostly works > without it, it's just TLS/SSL connections that fail. Node.js behaves the > same way, all of Node.js works without ca-certificates except for TLS > connections. > > I'm leaning toward Depend, because upstream bundles certificates (and the nodejs debian package patches upstream to use ca-certificates instead), users expect the usual certificates independently of how they installed nodejs. Jérémy -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
[Pkg-javascript-devel] Bug#841981: nodejs should recommend ca-certificates
> > Apart from that, is there a good reason to use Recommend instead of Depend > ? I'm not sure. wget and libcurl3-gnutls both "Recommend" rather than "Depend" on ca-certificates. I think it's because wget still mostly works without it, it's just TLS/SSL connections that fail. Node.js behaves the same way, all of Node.js works without ca-certificates except for TLS connections. -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
[Pkg-javascript-devel] Bug#841981: nodejs should recommend ca-certificates
2016-10-25 0:26 GMT+02:00 Daniel Lo Nigro : > Package: nodejs > Version: 4.6.0~dfsg-2 > Severity: normal > > Dear Maintainer, > > When CA certificates are not available, Node.js scripts that try to > connect to remote servers using TLS/SSL fail with "Error: unable to get > local issuer certificate". > > Other packages that rely on TLS (such as wget and libcurl3-gnutls) > recommend the ca-certificates package, so nodejs should probably also do > this. > > This is a mistake - nodejs-dev got the dependency instead of nodejs. Apart from that, is there a good reason to use Recommend instead of Depend ? Jérémy -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
[Pkg-javascript-devel] Bug#841981: nodejs should recommend ca-certificates
Package: nodejs Version: 4.6.0~dfsg-2 Severity: normal Dear Maintainer, When CA certificates are not available, Node.js scripts that try to connect to remote servers using TLS/SSL fail with "Error: unable to get local issuer certificate". Other packages that rely on TLS (such as wget and libcurl3-gnutls) recommend the ca-certificates package, so nodejs should probably also do this. -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (750, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-openvz-042stab108.8-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages nodejs depends on: ii libc62.23-4 ii libgcc1 1:6.1.1-10 ii libicu57 57.1-2 ii libssl1.0.2 1.0.2h-1 ii libstdc++6 6.1.1-10 ii libuv1 1.9.1-1 ii zlib1g 1:1.2.8.dfsg-2+b1 nodejs recommends no packages. nodejs suggests no packages. -- no debconf information -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel