[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Giving up on RubyGems
|
From: |
Leo Famulari |
|
Subject: |
Re: Giving up on RubyGems |
|
Date: |
Tue, 20 Oct 2015 15:19:10 -0400 |
|
User-agent: |
Mutt/1.5.24 (2015-08-30) |
On Tue, Oct 20, 2015 at 08:51:22AM -0400, David Thompson wrote:
> I've grown very tired of trying to convince people that independent user
> verification of binary releases is an important thing to prioritize, but
> they think that users do not want the source code. I've tried to make
> my arguments as clear as I could, yet they've been misunderstood by some
> and rejected entirely by others, and now it is time to give up.
As someone with zero Ruby experience, I find this very confusing. Are
you saying that they don't think it's necessary to be able to build the
Gem "binaries" independently? If that were true, how can RubyGems be a
trusted intermediary between software authors and users? How can users
verify that the RubyGems people are not distributing malicious
"binaries". Am I totally misunderstanding the role of RubyGems in the
Ruby world?
> This effort has drained too much of my enthusiasm, and now I need a
> break.
:( We all have experiences like this once in a while. Everyone
appreciates the work you do on Guix. Hopefully you can come back with
some fresh energy when you are ready!