I just created a dub package. Frankly, the whole thign is backward.

[rikki cattermole]

On 27/04/2022 7:27 AM, Ola Fosheim Grøstad wrote:
> None of these approaches work, because the core problem is that the eco 
> system is too small to sustain a secure package system detached from the 
> rest of the world. I would never use it. Too dangerous and exploitable. 
> One big security vulnerability that I don't want to think about.

Unless we build literally everything in D, people will continue to ship 
their own binaries for platforms such as Windows. So that their 
library/binding "just works".

But in saying that, you do raise a good point. A long term strategy may 
be to require only our CI to build + upload binaries. This would make it 
reproducible since its script based.