[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Mailpile SMTorP [ref: nexgen P2P email]



Actually, having taken a look, I stand corrected. Although it started off as just Python, Node has seeped it's way in a little bit (in terms of if you're wanting to build from source).

They're using Grunt (by default) to process LESS files, which requires node, you've also got bower (that should have jumped out at me in your error!).

Your make all, of course, builds the JS and CSS, which uses Grunt and Bower.

As far as I can see, Node is only used for automating parts of the build, which to be honest makes it worse in my view - requiring a completely different tool chain just to build?

You can run Mailpile without having Node installed by using the pre-built binaries, just install the dependencies, but that's placing an awful lot of trust in the repo (and the devs themselves).

There was a slight off-topic tangent about "why not use node" here[1] in 2013 but around a year later Grunt was introduced in Oct 14[2] (hadn't realised my build was quite so out of date....). Not going to dig any further.

So, basically, you have two options

- trust the devs never to fold to pressure and tamper with the binaries
- Use node to build your own from source

So

Mailpile certainly doesn't look like as secure as such system could be.

Sadly it looks that way, though I doubt it's likely to change, I've been waiting for the 1.0 milestone to see whether the other issues I have with it get addressed. Some, I know, have as the GH issues have been resolved, so I'm being patient with the other bits :)

[1] - https://github.com/mailpile/Mailpile/issues/58
[2] - https://github.com/mailpile/Mailpile/commit/f21a1e92b483f48a83ba44347681bd812b636923



On Fri, May 22, 2015 at 12:06 PM, Yuri <yuri@rawbw.com> wrote:
On 05/22/2015 02:52, Ben Tasker wrote:
What procedure did you use to try and make the package? I'm running
Mailpile and definitely don't have node set up.

If you're building the dev version, one of it's requirement's is nose so
perhaps there's a typo kicking about?

In my case, framework by default ran 'make -f Makefile all', that's when it needs node.


Yuri
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk



--