puppetmaster | 2 years ago
Regarding the packages, those are very respectable numbers... But who is maintaining them? It takes a lot of effort to keep a repo up to date, with patches both functional and security-related. This is in most distros a full-time job for a group of people. For comparison, pkgsrc has 19444 packages, and it takes a substantial effort to keep up to date.
Regarding 4... I am not sure about your angle there... "Running random binaries" is risky. Technically hysp is a random binary itself, from a random source. I don't know who you are, and even in that case any certification of authority is best efforts. You can't certify that the code you built has not been compromised... This is a tough problem, good ideas are still needed!
OTOH, maybe you could leverage the work of the pkgsrc team to increase the number of available packages, traceability, and portability! Join forces! Synergy!!!!
azathothas | 2 years ago
So if you wanted to, you could use pure bash and nothing else to parse the TOML files that hysp uses and do everything that it does. Hysp is simply an abstraction over that philosophy.
As to the question of maintaining them, currently only I am. Hysp is a small project for now, and we have no plans to add anything that's dynamic. This will ensure low numbers of packages, but guarantee that those packages will work anywhere. So maintaining the PKGs is quite simple: I write a custom build script for each of them and then GitHub Actions automates the rest. This currently requires very little manual maintenance. The following repos are where the current packages are sourced from:
https://github.com/Azathothas/Toolpacks
https://github.com/Azathothas/Static-Binaries
https://github.com/Azathothas/static-toolbox
I had to mention 4, because people kept asking us about security concerns. Self-hosting everything on your own server and using hysp just as the frontend is an option for those people.