Comments (4)
This is tied to the question of whether we want to restrict this repository to free software. I’m personally inclined to limiting the packages we distribute to free software because:
- I believe we should encourage the community to create free software.
- When distributing proprietary software, we need to obtain and maintain a per-app redistribution permission from each author.
- It’s harder for users to inspect binaries when the source code is not available.
I’m open to other opinions on the matter, however.
from toltec.
Technically free software can just distribute pre-built binaries and then release source as requested. That said, I'd also think that for transparency’s sake it would be good to stick with git repositories for now. If/when someone wants to handle building themselves, or we want to package something that's already been built by another group using an odd build-chain, we can look at adding in alternative ways to pull "source".
The one caveat I do have to this though is that it might make sense to allow pulling down binary resource files that people don't want to store in git due to their size. Again, lets wait until someone actually runs into it.
Adding the ability to include checksums would be nice though.
from toltec.
Agreed. I’ll close this for now, but this is almost certainly something we’ll have to revisit when the need arises.
from toltec.
i think that ease of installation and updating is most important to me, followed by security and then software freedoms.
currently: everyone goes to random github repos to get their software. if a dev chooses to only release binaries, then the end user is installing non-free pre-compiled binaries. what we can provide is:
- centralized repo for software (discovery of software happens in one place vs. many)
- vetting the binaries are the version that was tested by the packager (by using checksumming and hashing)
- ability to update the binaries when the dev releases new updates
the danger here (in my opinion) is if a dev pushes an update that is malicious and the software repository ends up distributing it and because more people have the repo installed it end up infecting more people than if we didn't have the app repo distribution channel. in this case, once the bad code is caught, the software repo will be able to update everyone and that is better than if there was no app repo.
from toltec.
Related Issues (20)
- kernelctl install error HOT 3
- ddvk-hacks doesn't re-start after update HOT 6
- Unable to build packages `assert next_token == "("` HOT 11
- Installing and uninstalling seemingly not possible HOT 1
- Issue with remarkable 1 synchronization after toltec installation HOT 2
- Updating packages breaks wget/libssl HOT 7
- Reporting a vulnerability HOT 2
- Leaves in broken state if rm2fb fails to start HOT 4
- Update rm2fb-client package to enable screensharing HOT 1
- During installation, error with 'typed-ast' python package HOT 6
- Limit packages to specific OS versions HOT 1
- bash-completion for killall doesn't work HOT 5
- yaft package doesn't use terminfo file(s) in `/opt/share/terminfo` HOT 4
- 3.5.1.1798 onwards renames sync to rm-sync HOT 6
- Document package best practices in package guide
- whiteboard-hypercard build is broken HOT 2
- Auto-upgrade of libopenssl fails when moving from version 1.1.1 to 3.0.x HOT 1
- Bootstrap does not work on 3.6.0.1865 due to segmentation fault HOT 15
- Folly build broken
- Oxide (tarnish) missing reboot-guard dependency
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from toltec.