httpsig
httpsig copied to clipboard
ahknight
Debian package
Hi. Just wanted to let you know I decided to upload httpsig into Debian. The source of the uploaded package is available from <URL: https://salsa.debian.org/pere/python-httpsig >. The debian/patches/ directory contain the changes I needed to apply to get it building and working in Debian.
Once the package is accepted into the Debian archive, its status can be seen from <URL: https://tracker.debian.org/pkg/python-httpsig >.
Is there anything I should know about this package related to packaging? Will its API be stable for the next 2-3 years, or should I keep it out of the stable Debian release?
Is the httpsig project still being maintained? The lack of feedback to issues make me worried.
It is, somewhat. I'm no longer actively using it, but I check in on it now and again.
The API should be stable (both an intentional decision and as a result of the above). If there are changes you need to make for Debian I'd appreciate a PR (if applicable to the general population) so that there's only one version out there.
Right. I'll do my best.
I am worried about shipping a library implementing a obsolete draft of the specification might be doing its users a dis-service, and might pull it from the next stable release if nothing change there. For the project I considered using httpsig, I ended up using jwt instead to make sure the specification was not a moving target, so for me it is less of a priority than it used to be.