fsebugoutzone.org:9999

       Post AhxOhvus7EhvRMxvwe by ITwrx@blurts.net
 (DIR) More posts by ITwrx@blurts.net
 (DIR) Post #AhxOhsauSzxP8abRui by ITwrx@blurts.net
       2024-04-03T13:17:56.693071Z
       
       0 likes, 0 repeats
       
       @kravietz @jakub @bookwar @Conan_Kudo Upstreams should know what lib versions they tested with. Why shouldn&#39;t there be a simple manifest for upstreams to fill out that the distros&#39; package management software then verifies with the source and installs? (not rhetorical) This makes it easy for upstream,s to &quot;package&quot; for all of linux and gives distros helpful info, but still lets distros do whatever they want/need to do to install the software. In the xz case, or similar, a new dev/signing key could automatically flag a review downstream and/or probationary period.
       
 (DIR) Post #AhxOhu7CoPNvr2iktM by bookwar@fosstodon.org
       2024-04-03T13:23:19Z
       
       0 likes, 0 repeats
       
       @ITwrx Upstreams should not choose versions of dependencies randomly in their own bubble.To make deduplication of effort work, there should be awareness in every upstream that they need to align their choices with other upstreams.The packaging and distributions ecosystem is where different upstreams meet and talk to each other about things like which versions to choose as a base for LTS branches, which versions to choose for shared libraries and so on.@kravietz @Conan_Kudo @jakub
       
 (DIR) Post #AhxOhvDGjLpTG8Z6yu by bookwar@fosstodon.org
       2024-04-03T13:50:41Z
       
       1 likes, 0 repeats
       
       @ITwrx And I may be need a separate statement:I don&#39;t believe that every upstream developer must become a packaging expert.I believe that packaging is a job on its own. For some projects you combine roles of developer, tester, doc writer and packager, for some you just can&#39;t. And then you ask for help.But I believe that upstream developer should be aware that there are needs in software development beyond writing the code and pleasing the user.@kravietz @Conan_Kudo @jakub
       
 (DIR) Post #AhxOhvus7EhvRMxvwe by ITwrx@blurts.net
       2024-04-03T14:00:32.672431Z
       
       0 likes, 0 repeats
       
       @bookwar &gt; I don&#39;t believe that every upstream developer must become a packaging expert.I agree. That&#39;s why many don&#39;t package for linux distros themselves, b/c rpm and deb are too much to learn, or whatever the case may be  That&#39;s why the manifest would only include the most necessary info for downstreams to have, and info upstreams should know. Maybe that&#39;s not possible, IDK. @kravietz @Conan_Kudo @jakub