How hard would it be to create a dub2deb tool?

H. S. Teoh hsteoh at quickfur.ath.cx
Thu Feb 18 19:56:51 UTC 2021


On Thu, Feb 18, 2021 at 07:31:10PM +0000, deadalnix via Digitalmars-d wrote:
[...]
> Nothing against the author per se, this error seems to be pervasive
> in the npm, pip, ruby gem ecosystems and many more.
> 
> You simply can't download a bunch of crap from the internet and deploy
> it this way. First, this is very insecure (see
> https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 for
> the latest iteration of the madness) but it is also a reproducibility
> problem (the source may change from under your feet) and
> availability (someone pulling leftpad can bring down your whole
> deployment capability).
> 
> This is why you want to be able to package things and deploy them as
> deb/rpm/dmg/whatever

+1.  I have always been skeptical of having my ability to build/deploy
depend on some random 3rd party provider somewhere out there in the wild
internet whose availability/continued existence is not under my control.

But it seems nobody wants to acknowledge that the king has no clothes.

Maybe the latest dependency confusion madness will finally pull away the
wool.  But I'm not holding my breath.


T

-- 
Once upon a time there lived a king, and with him lived a flea.

