On 2020-02-26 09:50, Martin Sehnoutka wrote:
> Hi,
Hi,
> Go package management: I know that Go has package management now, but the question is if upstream communities are going to adopt it.
Upstream communities won’t have any choice if they want their software to be trusted by third parties, because all the upstream "free" security checking provided by Google in its own registry relies on the new component model.
Software security is hard. Security of huge piles of unmanaged third party bundled code is not economically feasible. That’s why Google moved to a formal component system, for the exact same reasons distros moved to formal packages 20+ years ago (and it was all done in a NIH way on Google's side; they’re re-discovering all the packaging lessons distros learnt long ago, one by one).
> Thanks for this email thread. I also had a few discussions off-line and it seems to me that there is a certain shift in the way people want to distribute their software. More specifically, I could see more people focus on shipping their software in containers and trying to avoid RPM completely.
You can see it because devs keep hoping for a free lunch. That does not exist in real life. Real world software has maintenance and security issues. Managing those requires a finer grained component model than shoveling piles of unmanaged code in a container and hoping for the best.
Upstreams that do not make the effort to manage the third party code they rely on condemn themselves to obscurity, or to revenue capture by third parties that *will* transform their code into something manageable (typically, by breaking it into components that can be audited). Typically, Amazon, Google, Red Hat, etc.
Regards,
-- Nicolas Mailhot