I just created a dub package. Frankly, the whole thign is backward.
rikki cattermole
rikki at cattermole.co.nz
Tue Apr 26 19:32:30 UTC 2022
On 27/04/2022 7:27 AM, Ola Fosheim Grøstad wrote:
> None of these approaches work, because the core problem is that the eco
> system is too small to sustain a secure package system detached from the
> rest of the world. I would never use it. Too dangerous and exploitable.
> One big security vulnerability that I don't want to think about.
Unless we build literally everything in D, people will continue to ship
their own binaries for platforms such as Windows. So that their
library/binding "just works".
But in saying that, you do raise a good point. A long term strategy may
be to require only our CI to build + upload binaries. This would make it
reproducible since its script based.
More information about the Digitalmars-d
mailing list