[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Mailpile SMTorP [ref: nexgen P2P email]
On 05/22/2015 05:52 AM, Ben Tasker wrote:
What procedure did you use to try and make the package? I'm running
Mailpile and definitely don't have node set up.
If you're building the dev version, one of it's requirement's is nose so
perhaps there's a typo kicking about?
On Fri, May 22, 2015 at 12:38 AM, Yuri <yuri@xxxxxxxxx> wrote:
On 05/21/2015 15:47, Ruben Pollan wrote:
I find really funny when people rant about things without even looking on
what
they are talking about.
Mailpile does not use node, it's written in python and all the javascript
of it
is for the browser. Up to now mailpile is in a beta status and is too
soon to
value if their distribution methods are trustworthy.
Please don't hurt yourself while falling from your chair laughing, because
I tried to make a package and it breaks:
--- js ---
bower install
env: node: No such file or directory
*** [js] Error code 127
Did you just say *Mailpile does not use node* ?
From the Mailpile Makefile:
debian-dev:
sudo apt-get install python-imaging python-lxml python-jinja2 pep8 \
ruby-dev yui-compressor python-nose spambayes \
phantomjs python-pip python-mock npm
if [ "$(shell cat /etc/debian_version)" = "jessie/sid" ]; then\
sudo apt-get install rubygems-integration;\
else \
sudo apt-get install rubygems; \
fi
sudo apt-get install python-pgpdump || pip install pgpdump
sudo pip install 'selenium>=2.40.0'
which lessc >/dev/null || sudo gem install therubyracer less
which bower >/dev/null || sudo npm install -g bower
which uglify >/dev/null || sudo npm install -g uglify
...
I'm not a security specialist, but it looks like if you don't already
have bower
and uglify installed on your Debian system this will attempt to download
the unsigned packages using npm.
On Jessie:
aptitude search bower
returns nothing.
But
aptitude search uglify
p node-uglify - JavaScript parser,
mangler/compressor and
v uglifyjs -
On both Jessie and Wheezy, Mailpile's Makefile will pull a node module
from an
unsigned package manager even though that same package is available from
a Debian mirror (where the packages _are_ signed).
In any case, someone should make the relevant (and trivial) fix to the
build script.
Plus address any other trivial problems that reveal an alarming lack of
discipline
for software attempting to juggle both secure and insecure messaging in
the same UI.
-Jonathan
Yuri
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk