How hard would it be to create a dub2deb tool?
deadalnix
deadalnix at gmail.com
Thu Feb 18 19:31:10 UTC 2021
On Thursday, 18 February 2021 at 14:15:15 UTC, Dukc wrote:
> Not .deb, but converting DUB to a general package format
> nonetheless:
>
> https://github.com/lionello/dub2nix
That's an interesting project, and certainly contains the seeds
of what I'm looking for, but some of the design decision are IMO
misguided. Nothign against the author per se, these error seems
to be pervasive in the npm, pip, ruby gem ecosystems and many
more.
You simply can't download a bunch of crap from the internet and
deploy it this way. First, this is very insecure (see
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
for the latest iteration of the madness) but it also a
reproducibility problems (the source may change from under your
feets) and availability (someone pulling leftpad can bring down
your whole deployment capability).
This is why you want to be able to package things and deploy them
as deb/rpm/dmg/whatever
More information about the Digitalmars-d
mailing list