subject:"\[Pkg\-javascript\-devel\] Bug#841981\: nodejs should recommend ca\-certificates"

[Pkg-javascript-devel] Bug#841981: nodejs should recommend ca-certificates

2016-10-25 Thread Jonas Smedegaard

Quoting Jérémy Lal (2016-10-25 01:49:01)
> 2016-10-25 1:43 GMT+02:00 Daniel Lo Nigro :
> 
> > Apart from that, is there a good reason to use Recommend instead of Depend
> >> ?
> > I'm not sure. wget and libcurl3-gnutls both "Recommend" rather than 
> > "Depend" on ca-certificates. I think it's because wget still mostly 
> > works without it, it's just TLS/SSL connections that fail. Node.js 
> > behaves the same way, all of Node.js works without ca-certificates 
> > except for TLS connections.
> >
> >
> I'm leaning toward Depend, because upstream bundles certificates (and 
> the nodejs debian package patches upstream to use ca-certificates 
> instead), users expect the usual certificates independently of how 
> they installed nodejs.

Some use-cases of nodejs does not involve network access, and therefore 
not TLS either. Example build environment.  Bootstrapping a chroot with 
ca-certificates takes more time and diskspace than without it.

The correct package relation to use if there are corner cases without 
need is Recommends:.


 - Jonsa

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#841981: nodejs should recommend ca-certificates

2016-10-24 Thread Jérémy Lal

2016-10-25 1:43 GMT+02:00 Daniel Lo Nigro :

> Apart from that, is there a good reason to use Recommend instead of Depend
>> ?
>
>
> I'm not sure. wget and libcurl3-gnutls both "Recommend" rather than
> "Depend" on ca-certificates. I think it's because wget still mostly works
> without it, it's just TLS/SSL connections that fail. Node.js behaves the
> same way, all of Node.js works without ca-certificates except for TLS
> connections.
>
>
I'm leaning toward Depend, because upstream bundles certificates (and the
nodejs debian package patches upstream to use ca-certificates instead),
users expect the usual certificates independently of how they installed
nodejs.

Jérémy
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#841981: nodejs should recommend ca-certificates

2016-10-24 Thread Daniel Lo Nigro

>
> Apart from that, is there a good reason to use Recommend instead of Depend
> ?


I'm not sure. wget and libcurl3-gnutls both "Recommend" rather than
"Depend" on ca-certificates. I think it's because wget still mostly works
without it, it's just TLS/SSL connections that fail. Node.js behaves the
same way, all of Node.js works without ca-certificates except for TLS
connections.
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#841981: nodejs should recommend ca-certificates

2016-10-24 Thread Jérémy Lal

2016-10-25 0:26 GMT+02:00 Daniel Lo Nigro :

> Package: nodejs
> Version: 4.6.0~dfsg-2
> Severity: normal
>
> Dear Maintainer,
>
> When CA certificates are not available, Node.js scripts that try to
> connect to remote servers using TLS/SSL fail with "Error: unable to get
> local issuer certificate".
>
> Other packages that rely on TLS (such as wget and libcurl3-gnutls)
> recommend the ca-certificates package, so nodejs should probably also do
> this.
>
>
This is a mistake - nodejs-dev got the dependency instead of nodejs.

Apart from that, is there a good reason to use Recommend instead of Depend ?

Jérémy
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#841981: nodejs should recommend ca-certificates

2016-10-24 Thread Daniel Lo Nigro

Package: nodejs
Version: 4.6.0~dfsg-2
Severity: normal

Dear Maintainer,

When CA certificates are not available, Node.js scripts that try to connect to 
remote servers using TLS/SSL fail with "Error: unable to get local issuer 
certificate".

Other packages that rely on TLS (such as wget and libcurl3-gnutls) recommend 
the ca-certificates package, so nodejs should probably also do this.


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (750, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-openvz-042stab108.8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages nodejs depends on:
ii  libc62.23-4
ii  libgcc1  1:6.1.1-10
ii  libicu57 57.1-2
ii  libssl1.0.2  1.0.2h-1
ii  libstdc++6   6.1.1-10
ii  libuv1   1.9.1-1
ii  zlib1g   1:1.2.8.dfsg-2+b1

nodejs recommends no packages.

nodejs suggests no packages.

-- no debconf information

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#841981: nodejs should recommend ca-certificates

[Pkg-javascript-devel] Bug#841981: nodejs should recommend ca-certificates

[Pkg-javascript-devel] Bug#841981: nodejs should recommend ca-certificates

[Pkg-javascript-devel] Bug#841981: nodejs should recommend ca-certificates

[Pkg-javascript-devel] Bug#841981: nodejs should recommend ca-certificates

5 matches

Site Navigation

Mail list logo

Footer information