I just created a dub package. Frankly, the whole thign is backward.
norm
norm.rowtree at gmail.com
Tue Apr 26 23:48:03 UTC 2022
On Tuesday, 26 April 2022 at 07:37:42 UTC, Ola Fosheim Grøstad
wrote:
> On Tuesday, 26 April 2022 at 01:56:42 UTC, norm wrote:
>> Conan works with either packaged binaries or packaged sources.
>> I think the comparison is valid. I also disagree that dub is
>> easier. Sure it is much simpler to get started for trivial
>> projects but with any non-trivial project you end up hitting
>> its walled garden pretty hard.
>
> My (limited) understanding of Conan is that Conan-central
> compiles packages to binaries for various configurations (over
> 100 configurations for C++), but that it also allows for
> packaging of precompiled binaries. Isn't this a security hazard?
No more than anything else like maven, linux package managers,
chocolatey on windows. I hear vcpkg also supports prebuilt
binaries now but I think it is only for private registries,
they're not hosting them. Vcpkg is focused on build from source
not because of security concerns but ABI and compiler
compatibility.
It is also fairly easy, much more than pip or maven, to set up
your own package registry server so it never goes out to he
official hosted service for packages.
>
> Is it possible to configure Conan so that it only compiles from
> sources and never downloads binaries?
When you invoke conan, or in your config file, you can tell it to
only build from source so it will not download the binary package
even if available.
More information about the Digitalmars-d
mailing list