( schreef op zo 12-06-2022 om 11:46 [+0100]: > On Sat Jun 11, 2022 at 11:27 PM BST, Maxime Devos wrote: > > If it's backward compatible, maybe packaging the fork isn't necessary. > > The _API_ is backwards compatible, but packaging it is necessary because > the OpenPGP implementation is different (although you use it the same way). > > [...] > Go packaging is a bit crazy, seems like this kind of fork overuse is > common. Sadly, it's usually necessary to package the forks. (There'll > be a reason they're using the forks in the first place...) It's not necessary to package the forks if the fork is merged back upstream, and we can refuse to package impacted packages until things improve. Or if upstream is unmaintained, point the go-golang-org-x-crypto package at the protonmail fork (*). Go packaging needs to become less cracy. We don't have to participate in spreading the dependency hell. (*) Looking at , the reason appears to be a lack of maintaining, but looking at , upstream appears to be active again, so AFAICT they don't have a reason anymore. Greetings, Maxime.