How hard would it be to create a dub2deb tool?

H. S. Teoh hsteoh at
Thu Feb 18 19:56:51 UTC 2021

On Thu, Feb 18, 2021 at 07:31:10PM +0000, deadalnix via Digitalmars-d wrote:
> Nothign against the author per se, these error seems to be pervasive
> in the npm, pip, ruby gem ecosystems and many more.
> You simply can't download a bunch of crap from the internet and deploy
> it this way. First, this is very insecure (see
> for
> the latest iteration of the madness) but it also a reproducibility
> problems (the source may change from under your feets) and
> availability (someone pulling leftpad can bring down your whole
> deployment capability).
> This is why you want to be able to package things and deploy them as
> deb/rpm/dmg/whatever

+1.  I have always been skeptical of having my ability to build/deploy
depend on some random 3rd party provider somewhere out there in the wild
internet whose availability/continued existence is not under my control.

But it seems nobody wants to acknowledge that the king has no clothes.

Maybe the latest dependency confusion madness will finally pull away the
wool.  But I'm not holding my breath.


Жил-был король когда-то, при нём блоха жила.

More information about the Digitalmars-d mailing list