> Are distros doing anything more than scanning CVE databases with the library versions, or are they _actually_ auditing the versions they choose? Debian Developer here. Part of packaging work, for Python libraries or…
This! Asciidoc is the grown-up brother of Markdown. Designed to scale up to entire books, handle images, tables, references, citation, book indexes, maths. And the syntax is very friendly and intuitive.
Debian Developer here. Reminder: the Debian Packaging Guidelines are meant for official Debian packages. Making a package with dpkg-deb -b <dir> <packagename> is very easy and gives all the features of APT (dependency…
Debian Developer here: upstream developer almost never care to prepare fixes for existing releases.
This is good advice for software lifecycle management in general: https://wiki.debian.org/DontBreakDebian
Debian Developer here. Backporting fixes to tenths of thousands of packages is already a huge amount of (thankless) work. But it's still done - as long as there's usually one version of a given library in the whole…
Again, I'm talking about the article: "avoid drama and FUD" refers to HN. Especially the word "avoid", knowing that the article is already written. > In the meantime, I'd recommend reading the blog: in it a Debian…
I'm in no way responding to the blog, as you can see in my 4 points. I'm addressing the comments here. Every time similar content is shared here there's a number of people making exaggerated claims around Debian being…
A couple of healthy reminders to avoid drama and FUD: 1) People announce leaving publicly and the FLOSS community takes notice of it. This is a sign of health of Debian. In many other projects few people notices. 2) The…
> the very real dangers of shipping blobs, which probably carries more weight than the dangers of vendoring you outline. This is a false dichotomy. > By not having that escape valve Please do your research before…
Debian Developer here. Some people take a very cursory look at Debian and assume the packaging is an exercise in masochism that we inflict on ourselves. And yet the number of DDs keeps increasing (and Debian is one of…
Correct. Furthermore, rebuilding and distributing a large number of large binaries every time a vulnerability is fixed is harmful! - It encourage users to delay security updates. Hundreds of millions in the world have…
You are confusing static linking with embedding library sources.
Debian is available for the lucky PinePhone and PineTab owners, thanks to the Mobian project.
> weird poorly-documented helper scripts which have strange interactions I've never found a packaging tool without an extensive and clear manpage with examples. > I think the biggest issue is the social problem of the…
> No, companies are not happy to discuss, modify, and sign new contracts every day. They are quite hesitant to. [citation needed] > And, what's more, the contracts we're talking about are all basically pro-forma. I had…
> AGPL is unchallenged in court. The risk to being wrong about it as huge. It’s risk aversion, not ideology, and it’s important to remember that identifying an argument as part of legal review does not call it the…
> After a couple of months with lawyers, it's now a major AGPL supporter I had a similar experience. I took exams on patent and copyright law with IP lawyers as teachers during my degree. Then I worked in well known…
> I was hoping that he would be able to just double click the .deb file and install with no hassle, but he couldn't. I don't know if was the package manager fault or google's And yet people praise Android for…
It's been around since 13 years at least. I remember a website [1] that offered such installer. [1] https://web.archive.org/web/20160523181321/http://goodbye-mi...
huh?
DD here. The main "barrier" is the level of quality required. Simply throwing a bunch of files into a package or a container is very quick. Making an official Debian package is not supposed to be quick. DDs thoroughly…
DD here. apt-get install maint-guide ...and then read: file:///usr/share/developers-reference/index.html file:///usr/share/doc/maint-guide/html/index.en.html Also look at existing packages and talk to DDs. Avoid random…
...
> that they tend to take popcon statistics as evidence Please provide a source to back that claim.
> Are distros doing anything more than scanning CVE databases with the library versions, or are they _actually_ auditing the versions they choose? Debian Developer here. Part of packaging work, for Python libraries or…
This! Asciidoc is the grown-up brother of Markdown. Designed to scale up to entire books, handle images, tables, references, citation, book indexes, maths. And the syntax is very friendly and intuitive.
Debian Developer here. Reminder: the Debian Packaging Guidelines are meant for official Debian packages. Making a package with dpkg-deb -b <dir> <packagename> is very easy and gives all the features of APT (dependency…
Debian Developer here: upstream developer almost never care to prepare fixes for existing releases.
This is good advice for software lifecycle management in general: https://wiki.debian.org/DontBreakDebian
Debian Developer here. Backporting fixes to tenths of thousands of packages is already a huge amount of (thankless) work. But it's still done - as long as there's usually one version of a given library in the whole…
Again, I'm talking about the article: "avoid drama and FUD" refers to HN. Especially the word "avoid", knowing that the article is already written. > In the meantime, I'd recommend reading the blog: in it a Debian…
I'm in no way responding to the blog, as you can see in my 4 points. I'm addressing the comments here. Every time similar content is shared here there's a number of people making exaggerated claims around Debian being…
A couple of healthy reminders to avoid drama and FUD: 1) People announce leaving publicly and the FLOSS community takes notice of it. This is a sign of health of Debian. In many other projects few people notices. 2) The…
> the very real dangers of shipping blobs, which probably carries more weight than the dangers of vendoring you outline. This is a false dichotomy. > By not having that escape valve Please do your research before…
Debian Developer here. Some people take a very cursory look at Debian and assume the packaging is an exercise in masochism that we inflict on ourselves. And yet the number of DDs keeps increasing (and Debian is one of…
Correct. Furthermore, rebuilding and distributing a large number of large binaries every time a vulnerability is fixed is harmful! - It encourage users to delay security updates. Hundreds of millions in the world have…
You are confusing static linking with embedding library sources.
Debian is available for the lucky PinePhone and PineTab owners, thanks to the Mobian project.
> weird poorly-documented helper scripts which have strange interactions I've never found a packaging tool without an extensive and clear manpage with examples. > I think the biggest issue is the social problem of the…
> No, companies are not happy to discuss, modify, and sign new contracts every day. They are quite hesitant to. [citation needed] > And, what's more, the contracts we're talking about are all basically pro-forma. I had…
> AGPL is unchallenged in court. The risk to being wrong about it as huge. It’s risk aversion, not ideology, and it’s important to remember that identifying an argument as part of legal review does not call it the…
> After a couple of months with lawyers, it's now a major AGPL supporter I had a similar experience. I took exams on patent and copyright law with IP lawyers as teachers during my degree. Then I worked in well known…
> I was hoping that he would be able to just double click the .deb file and install with no hassle, but he couldn't. I don't know if was the package manager fault or google's And yet people praise Android for…
It's been around since 13 years at least. I remember a website [1] that offered such installer. [1] https://web.archive.org/web/20160523181321/http://goodbye-mi...
huh?
DD here. The main "barrier" is the level of quality required. Simply throwing a bunch of files into a package or a container is very quick. Making an official Debian package is not supposed to be quick. DDs thoroughly…
DD here. apt-get install maint-guide ...and then read: file:///usr/share/developers-reference/index.html file:///usr/share/doc/maint-guide/html/index.en.html Also look at existing packages and talk to DDs. Avoid random…
...
> that they tend to take popcon statistics as evidence Please provide a source to back that claim.