[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Mailpile SMTorP [ref: nexgen P2P email]



On 05/22/2015 05:52 AM, Ben Tasker wrote:
What procedure did you use to try and make the package? I'm running
Mailpile and definitely don't have node set up.

If you're building the dev version, one of it's requirement's is nose so
perhaps there's a typo kicking about?

On Fri, May 22, 2015 at 12:38 AM, Yuri <yuri@rawbw.com> wrote:

On 05/21/2015 15:47, Ruben Pollan wrote:

I find really funny when people rant about things without even looking on
what
they are talking about.

Mailpile does not use node, it's written in python and all the javascript
of it
is for the browser. Up to now mailpile is in a beta status and is too
soon to
value if their distribution methods are trustworthy.

Please don't hurt yourself while falling from your chair laughing, because
I tried to make a package and it breaks:
--- js ---
bower install
env: node: No such file or directory
*** [js] Error code 127

Did you just say *Mailpile does not use node* ?

From the Mailpile Makefile:
debian-dev:
    sudo apt-get install python-imaging python-lxml python-jinja2 pep8 \
                         ruby-dev yui-compressor python-nose spambayes \
                         phantomjs python-pip python-mock npm
    if [ "$(shell cat /etc/debian_version)" = "jessie/sid"  ]; then\
        sudo apt-get install rubygems-integration;\
    else \
        sudo apt-get install rubygems; \
    fi
    sudo apt-get install python-pgpdump || pip install pgpdump
    sudo pip install 'selenium>=2.40.0'
    which lessc >/dev/null || sudo gem install therubyracer less
    which bower >/dev/null || sudo npm install -g bower
    which uglify >/dev/null || sudo npm install -g uglify
...

I'm not a security specialist, but it looks like if you don't already have bower
and uglify installed on your Debian system this will attempt to download
the unsigned packages using npm.

On Jessie:
aptitude search bower
returns nothing.

But
aptitude search uglify
p node-uglify - JavaScript parser, mangler/compressor and
v   uglifyjs                        -

On both Jessie and Wheezy, Mailpile's Makefile will pull a node module from an
unsigned package manager even though that same package is available from
a Debian mirror (where the packages _are_ signed).

In any case, someone should make the relevant (and trivial) fix to the build script. Plus address any other trivial problems that reveal an alarming lack of discipline for software attempting to juggle both secure and insecure messaging in the same UI.

-Jonathan



Yuri
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk