[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#55903] [PATCH 25/41] gnu: Add go-github-com-protonmail-go-crypto-op

From: (
Subject: [bug#55903] [PATCH 25/41] gnu: Add go-github-com-protonmail-go-crypto-openpgp.
Date: Sun, 12 Jun 2022 14:13:43 +0100

On Sun Jun 12, 2022 at 1:53 PM BST, Maxime Devos wrote:
> we can refuse to package impacted packages until things improve.

I'm not sure boycotting packages is a good idea... If we did that, there'd
be a _lot_ of useful Rust and Go packages that we'd be refusing to package.
Anyway, I think it'd probably just drive people even further away from
distribution package management towards the "modern" (read: insecure,
bloated, and inherently flawed) stuff like Docker and Flatpak.

> Or if upstream is unmaintained, point the go-golang-org-x-crypto package
> at the protonmail fork.

Seems a little risky just to avoid packaging one fork. It's possible the two
have diverged since the protonmail version was created, too.

> Go packaging needs to become less cracy.  We don't have to participate
> in spreading the dependency hell.

I agree! It's an awful situation created by fundumentally borked dependency
management systems. But I don't see anything we can do about it other than
try to convince people that carelessly adding dependencies is Not A Good

reply via email to

[Prev in Thread] Current Thread [Next in Thread]