top | item 34587221 (no title) swarfield | 3 years ago They have broken almost every open source project that builds external deps. Also broke homebrew apparently. discuss order hn newest capableweb|3 years ago Good test that the tooling actually works when the checksums are incorrect :) If your "build from source" tool/workflow DIDN'T break, I'd be worried. groestl|3 years ago > every open source project that builds external depsand relies on checksumming ephemeral artefacts for integrity. catiopatio|3 years ago Source archives have never, in the entire history of open source, been considered ephemeral.GitHub unilaterally made that decision for their own convenience, and violated a decades-long universal community norm in the process. load replies (3) pxc|3 years ago Such tools should definitely checksum package sources lol
capableweb|3 years ago Good test that the tooling actually works when the checksums are incorrect :) If your "build from source" tool/workflow DIDN'T break, I'd be worried.
groestl|3 years ago > every open source project that builds external depsand relies on checksumming ephemeral artefacts for integrity. catiopatio|3 years ago Source archives have never, in the entire history of open source, been considered ephemeral.GitHub unilaterally made that decision for their own convenience, and violated a decades-long universal community norm in the process. load replies (3) pxc|3 years ago Such tools should definitely checksum package sources lol
catiopatio|3 years ago Source archives have never, in the entire history of open source, been considered ephemeral.GitHub unilaterally made that decision for their own convenience, and violated a decades-long universal community norm in the process. load replies (3)
capableweb|3 years ago
groestl|3 years ago
and relies on checksumming ephemeral artefacts for integrity.
catiopatio|3 years ago
GitHub unilaterally made that decision for their own convenience, and violated a decades-long universal community norm in the process.
pxc|3 years ago