AV-Portal 3.23.2 (82e6d442014116effb30fa56eb6dcabdede8ee7f)

Future of Guix

Video in TIB AV-Portal: Future of Guix

Formal Metadata

Title
Future of Guix
Title of Series
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
2018
Language
English
Production Year
2017

Content Metadata

Subject Area
Abstract
A discussion on the future of GNU Guix and GuixSD.
Loading...
Feedback Bit Streaming media
Group action INTEGRAL System administrator Multiplication sign Range (statistics) Numbering scheme Mereology Food energy Formal language Web service Roundness (object) Hypermedia Computer configuration File system Cuboid Computational science Data conversion Physical system Scripting language Curve Mapping Namespace Block (periodic table) Software developer Data storage device Electronic mailing list Bit Instance (computer science) Substitute good Type theory Data management Message passing Repository (publishing) Order (biology) Right angle Spacetime Point (geometry) Ocean current Server (computing) Service (economics) Open source Patch (Unix) Flash memory Ultraviolet photoelectron spectroscopy Virtual machine Online help Mass Number Supercomputer Product (business) Goodness of fit Pi Term (mathematics) Hierarchy Operating system Gastropod shell Software testing Installation art Default (computer science) Turbo-Code Standard deviation Graph (mathematics) Projective plane System call Integrated development environment Software Personal digital assistant Game theory Family Routing
Axiom of choice Demon Group action Building Code Multiplication sign View (database) Workstation <Musikinstrument> Source code Mereology Public key certificate Bookmark (World Wide Web) Software bug Formal language Web 2.0 Programmer (hardware) Derivation (linguistics) Mathematics Computer cluster Different (Kate Ryan album) Computer configuration Hypermedia Videoconferencing Conservation law Extension (kinesiology) Physical system Covering space Area Email State diagram Discrete element method Shared memory Electronic mailing list Bit Instance (computer science) Lattice (order) Variable (mathematics) Web application Arithmetic mean Process (computing) Repository (publishing) Software repository Website Right angle Quicksort Freeware Sinc function Asynchronous Transfer Mode Point (geometry) Ocean current Trail Game controller Vapor barrier Momentum Computer file Patch (Unix) Transport Layer Security Virtual machine Ultraviolet photoelectron spectroscopy Online help Theory Scalability Element (mathematics) Number Workload Latent heat Goodness of fit Average Operator (mathematics) YouTube Task (computing) User interface Default (computer science) Dependent and independent variables Distribution (mathematics) Scaling (geometry) Projective plane Software maintenance Integrated development environment Algebraic closure Software Musical ensemble
Multiplication sign Execution unit Source code 1 (number) Set (mathematics) Mereology Mathematics Different (Kate Ryan album) Damping Software framework Endliche Modelltheorie Stability theory Physical system Binary code Keyboard shortcut Data storage device Electronic mailing list Sound effect Bit Maxima and minima Instance (computer science) Hand fan Proof theory Process (computing) Software repository Chain Order (biology) Configuration space Right angle Quicksort Arithmetic progression Pole (complex analysis) Metre Point (geometry) Implementation Game controller Connectivity (graph theory) Virtual machine Student's t-test Revision control Hacker (term) Operating system Boundary value problem Installation art Multiplication Key (cryptography) Weight Expression Projective plane Debugger Software maintenance System call Peer-to-peer Software Irrational number Video game
so we're starting a little bit early which which will confuse the people who didn't video stream and we don't have a mic which will confuse it even more you
can hear us right so I think it's a this
an idea of this panel is ready to get some feedback from you we have from the audience I mean we we know our ideas yes we are severely entrenched but we have the to do ideas and I think it would be nice to get an idea of what the priorities are right I mean if we look at the future of geeks I think maybe you
know I can i I will say the deets is already a success it is just the start of it but it's it's amazing what is happening and it's you know we can build in it incrementally which is very good for the future but what what should we focus on next right I mean what's what's gonna be was the most important thing you think that is going to be you know to drive you know geeks in the future so maybe I should talk to panel members first and then you can react faster yep okay I think I'm gonna start straight with a conversation that we had a couple so hey I think we have a we ever just gave a whole round of applause we're in first of all because yes our second year of this like a sub conference right like in the amount of energy and stuff in this room is just nuts but I think so we one of the things we were talking about the other night yes geeks is great the all monkeys but getting them in the hands of users it's not necessarily very easy right now right one thing that I would love to see is be able to do apt-get install geeks or even young install geeks I guess if you're on fedora or whatever right so that one of the big blockers on this is that we have this flash canoe thing and it's not part of the filesystem hierarchy standard yeah so I think that so I guess the monologue this so maybe I have to figure out to turn over the I would really like to see geeks get packaged in Debian or etc but you have to get over this pass slash didn't even not being a filesystem hierarchy standard thing now we can do it one of a few things we could just switch we can switch over to /opt just abandon the good thing is that I think that I'm looking at Lu the game face we could and and so maybe I should hand it over to one of you two before I start just I feel like I'm monologuing and I feel rude about that on the family I'll explain the so some of the ideas we came up with are kind of successively crazy well the first one is switching to op that's not gonna happen the second one is we can do basically what pewter demonstrated today and just rewrite we can substitute all packages including we can basically do a graft of all stuff that packages including all the substitutes I'll graph the packages and just rewrite them all from slash canoes left storage' slash op slash store and then that might make it much easier to package in Debian or etc the other crazy idea is to possibly have a user name space I think this was your idea where people just in there dot accession or whatever end up opening up to user name space that basically Remax /opt slash store to slash a slash store and that's kind of getting crazier and then the last phrase you want us to get it in the actual FHS but I'm not sure that that's going to happen so that was all there was a long route to not really have Hamel kind of conversation so I guess I'm gonna hand it over to the rest of the group to say how do you think that we can get geeks better adapted in the world I should point out that there I see a Debian developers sitting there in the back of the room so you know maybe for this particular point we could also think about the social approach to it I don't know yeah so getting geeks into into Debian another free district is one thing I think I'm also personally interested in having you know great use cases for geeks so we've we've seen talks and discussions about a few of them so one of them is high performance computing where I think people are really needing it so it's really a niche in terms of users but people are really in need of a solution and geeks seems to be satisfying in a number of ways so that's one thing I'd like to push and then we have these geeks SD thing which is pretty cool I think and to make it even cooler in a number of obvious cases there is kids deploy and so chris has been looking at it and before David Thomson also started toying with a way so I should say what geeks deploy is I guess right so give the plug so you have geeks SD where you run geek system reconfigure geek system VM and you get one machine right one operating system instance and the idea with geeks deploy is to allow you to actually deploy gigs SD on a number of machines like on a on a cluster on the network something so for those of you familiar with Knicks ups this would be roughly the geeks equivalent to Knicks ops that's that's the idea and so I think the ability to deploy a whole bunch of machines in a reproducible fashion is really one of the killer apps that we could have in the fourth inning future it's hard to be the third person to say something noble so I work in as a system administrator in an HPC environment so for me HPC is kind of important not just personally but I think if we can make people but the system administrators realize that geek solves their problems in scientific computing and they pick it up once they're unlikely to change away from it again so for me this is a personal priority to get adopted because as soon as we have people in science depending on geeks they cannot get away with not supporting it this is how I ended up supporting geeks I don't really know if Epcot installed geeks is is really an issue if this is really a problem are they actually people who are interested in geeks who shy away from using it because they can't just apt-get install Oh what yeah he's - oh okay so what I would love to do is have media goblins default way to get up and running for is either that you have a deaf package or like for Debian type users but if you wanted to develop you know for geeks users they'll obviously already have it for kicks SD users right but if you're developing on something like Debian or Fedora or something like that I would love people to be able to do geeks environment geeks SEM right now we have to either ask somebody to drop this binary install thing which I think is not very nice for a lot of people like it technically works but there's good reasons to feel uncomfortable doing that right and like if I could just say oh it's just like any of these other package managers you can just install out-of-the-box on Debian that would be huge like I could just say it's so easy to just pick up geeks you have it already right yeah that would be a I know for my use cases at least a would be big it's been a while since I use Debian but I know that oh bun - people use what is it called ppas right that's a one-liner that you did you execute to add an additional repository that you trust and then you can do apt-get install would that be sufficient or does it really have to be
official I mean we could that's okay so that's another option as well you know I I mean I think that that's another option to getting things installed but I think it would be even better if we could have geeks shipped with Debian itself so that because not everybody is going to want to edit their PPA list yeah so the question it really is what is the growth path that we are looking for right I mean if you if you make it easy for people to install software that's one thing and I I agree with fish that's possible the Debian community has been highly resistant to you know including package managers in their in their systems if but they have package managers you know for four languages like PI pie and all that so you know you I suppose it's it could be could be worked on right but it's gonna probably be a long haul beyond it the question is also know what what type of use do you want to attract I mean you really want to attract users that start contributing to gigs right which which said to be people who develop software I mean the other the other thing nose will say is that what I really like the idea about is this kind of thing that they were taught something as long as it's more fun is the container idea you know system container which i think is be a massive thing in terms of like well web service development I guess were media coping but also like for something I'm doing it's just kind of anything that requires multiple services to be running will be lovely to just do it in the container and I think there are communities out there I definitely think we I'm working in well it's still looking for really nice development environment but going to them and saying okay you just need to kind of first set up you know geeks in a complicated way and that you can use this is amazing it that basically you know why change the current development environment that they have which works but it's a hassle for another one that is also hassle and that also works in many better ways but also just works you know so I think in that sense and those of you loved develop software with also users and it's a niche I think that that would definitely we did fill so many of us talked about how we love that geeks could be a replacement for things like docker and stuff like that right but we don't expect that every user of docker has to be a docker contributor in order to be able to make use of those features which i think is kind of ties in with what you're saying so I I don't I don't think that everyone should we want as many people as possible to send us patches and to learn scheme and stuff like that but I don't think that it should be a prerequisite for taking advantage of all of geeks those things currently actually this happens already many people send us patches this is a good problem to have but it actually is also a problem because managing all these patches making sure that nobody is left out that's actually one of the points on our list it is kind of hard to make sure that people continue contributing when their contributions don't end up being part of geeks eventually maybe you want to say something about this because I lost well this is something that the audience members can help with right we we we could use help with people reviewing patches on the list and it reviewing a patch Kent for the first time actually be as easy as assuming or once you get the geeks development environment set up actually trying to apply the patch and just see if it works on your system right and that doesn't require a lot of scheme expertise and in fact I think Ludovic and a few others have had talks about plenty of people don't have scheme expertise when they start with geeks and pick it up as they go right so that's a call out to people in the audience that's something you can do actually I want to make one more call out for something that people can do to develop to push along one of the things that we talked about previously which is making geeks deploy happen if anybody in the audience is interested in getting geeks SD running on like commodity VPS hosting type things that would push along our work tremendously and document it and if you can do that that'll help us move along in the server space dramatically and that's something you know I'm sure there are a number of people in this audience whose skills could have applied about is adding a support to you know continues integration systems like Travis yeah if if people could just you know deploy a package say Ruby you know run the software do the testing run the testing environments that would also be very highly visible projects you know because you know I think 50% developers an open-source already actually using Travis map should we throw another one audience yeah we can ask who is somebody have a question about the future of the center that they'd like to ask for a strongly worded opinion the one thing that matters in stores and the traffic's is some installer that and what is it but the shell throw two baskets and run an automated way so the people just installing easy anxiousness and eat something useful Eaton and Betty and I think it would mean they would have to manually his boxing and also perhaps things like Travis it also useful for peace you could just run it first and name you won't Yeah right so the question is about how we could facilitate the installation of gigs right yeah so currently if you're using the the so called binary turbo which is a pre-compile gigs you have to then go to the manual and do each of the steps one by one and make sure you don't forget anything and that's yeah that's kind of not super convenient and you're suggesting that we should have a script that does that by default though right yeah and yeah that's probably a good idea actually it's been discussed a couple of times and I think we probably should do it although there is the department that you know we are shipping a big binary which is already I mean I can imagine that some people are not comfortable with it and so if we also tell them well just run this shell script and don't worry it's gonna be fine you know just the perception could be pretty bad so it's a bit like curved pipe SH right so we need to be careful I think about this also can we get a quick poll of the room I love to see how people's experiences of getting up and running with geeks /xs D I guess it would be so here's the range that's gonna be very good experience pretty good and could use some work all right so let's go with the very good comedy hands go wait how many people are running geeks or geeks those D can you raise your hands on that first whoa blocks okay all right now let's go for the very good yeah okay what that means that's a that's a product now okay so now that's six so that's uh okay geeks first very good okay pretty good okay how about could use some work okay what about excess D which
i think is a different beast so very good how about pretty good how about could use some work okay so I think we're seeing that geeks st is considerably harder right now my friend calls deke says of the installation experience Gentoo for adults so I'm just gonna randomly pass it microphone yeah so what's the next topic here my experience this may have changed my experience like it's the last of my rotten geeks on Debian is now like over a year ago the my experience was that setting up geeks of Debian I found easier but and kind of making sure all the environment variables are set and everything that works nicely that is way harder geeks STD installation controls bit tricky but now it's running like it's you know I don't have to worry about anything that's absolutely that's I so the publication's also a different makes me what I did recipe for a Debian package change that also for overdue and I just build that and install it so that's easier then like you said it's easier to just go geese as deep because everything just works so nice one Keeks does take care of a couple of environment variables for packages that you install but that's not sufficient right there's just just a little bit of SSL stuff for example with the look how yeah certificate certificate right it only tells you things for packages that have search path specifications and is that not right that's right thank you and this doesn't cover everything which means there's always some manual intervention required and and that kills it a bit so it my experience been but we are using geeks as such on the cluster on the cluster computing environment and on workstations and I try to make sure to provide a file that people can source it sets up the environment variables maybe we can provide something similar to that I would really like to move away from the need to do this manually because it trips me up as well - well as well should have coffee so one one topic we talked about talking about here that I definitely want to make sure we don't miss is about community I mean obviously you know we're hoping that we can engage with the community since we're have community in front of us but I think that there are some things that to me it feels like we could do a lot better at I don't think we're a sufficiently diverse as we could be and I feel like they're probably I mean my experience i've i've worked with projects that have really struggled in that regard and that have done better than average you know and and I and I think Lisp also has a reputation for being like curmudgeon II people who think they have everything right and then that kind of pushes a lot of people away and it's probably because I mean we do have a lot of things right and so it's I but I mean look at closure and racket right now which are like doing way better than like traditionalists and we definitely could be better I mean one personally one thing that I think could be improved things a lot is you know if we engage specifically with some groups like outreach ye or something like that although that would require us having the funds to do that but but I'm really interested in what we can do to improve community and then to lower the barrier especially for the groups of people we don't currently have I don't know where to go from there but Ricardo coming so so you save it in the main theater there was a talk on how to improve all it just access and one of my favorites just since they did is bringing other people into your community by asking them to do YouTube instructions because a lot of people can't code but want to share their experience using something as an operator so you mean the project could share videos giving instructions is that what you if it was just to contribute and a lot of times people will come and say how can I help and you'll say well unless you're a coder you can't help so you never want to drive away effort and so one thing that you can ask younger people to do because it's part of their culture last one any more videos oh yeah yeah precisely I had I had written an item about sharing the workload it's all about that all the kinds of tasks that we have to do somehow and many of them are non-technical like I mean we have things like like the website like people posting about what they are doing with gigs which doesn't have to be you know super sophisticated videos yeah that's that's definitely one thing like to help people discover gigs and discover what it does what it's used for how it helps and yeah I agree that we should yeah try to make it easier to discover what people can do in these areas very nice and well I was talking about this with some with some other individuals last night including Alex we were talking about so one of the problems is is that like for example before like I got into geeks I hated dem bugs like I hate it right like if that's a bug tracking system we use and it's like all email-based right and like I was like and I was trying to use the web interface to find things and I'm like this is the worst like this web interface is terrible like how do I manage it well then I found out that there's a great Emacs mode which is what everybody else like it's just like beautiful and it's like well now I don't want to use anything else right so every but like this is like a traditional especially a new problem is if we have all these things that like once you pass this very high barrier to entry yeah just like I promise you your love is just one up this mountain it's very tall but you don't feel so great when you get to the top [Laughter] in using emails yeah I tried for three times to get into Emacs for the third time I I never got out in him you know but the first few times I thought everybody's talking about I should use this too and it just didn't stick because defaults matter as well and actually I agree that departs could be more discoverable I also find it hard to use actually and I think I'm the target audience yeah and the male based workflow that we have sending in patches it does well it does have a lot of advantages one of which is that you do not need to have some account on some web application we have to log in and then click around and do things you can just send an email well this is great about it it also makes it hard to keep track of things it makes it hard to keep track of patches that you've sent in because it but you can integrate this with org-mode I guess and right but I I agree that this there's a need for something that combines those two worlds that makes it possible that we don't have to change too much in the way that our established workflows work for us and that other people find it discoverable as well yes this is actually quite amazing because geeks is as a system as a packaging system is is really approachable you know it's it's much easier than doing that bein packaging I dabbled in that too and I gave up no yeah so the best thing about Jesus is you actually can write packages quite you know low-profile easily get it done get it tested and run but then you hit the barrier because you have to submit it to you know the the trunk and
I've you know I've successfully got some packages in so I'm proud enough to say that it works but you know it's I find it so hard and tedious that I'd actually don't do it at this point and the question really to to to the maintainer of geeks is you know can we not find a way that we you know please both please both audiences one is the you know the highly professional I should say one good has gone over the mountain you know and they're there happily above there somewhere but there's also people that you know just you know would like to use something like github yeah submit a patch have somebody look at it you know and and get some response it doesn't necessarily even have to go into into into mainline yeah the point really is that you want to get make it easy for people to get comments and encourage them actually to to continue working on those patches until the point that they actually ready to get it to trunk so part of the challenge with this is that this is a boy would be great to have a big complicated tool that doesn't exist and like everybody is busy in the community already with our own big complicated tools that do exist and take a lot of work right so like so I know that I remember I can't remember what it is it's a Conservancy like software hosting thing you know I'm talking about they like they were really interested in having something that both has an API that you could like use an Emacs and stuff but that also has like a web interface and stuff like that but like that project doesn't have like also I don't know if it has a lot of momentum right now so like kallithea I think that's it right now so like these things are really important and useful right now we're stuck between choices that seem very binary right like they're either you've got a very I don't know what the answer is for that yeah so regarding tooling I think there's a kind of a cultural issue I mean it's it's pretty clear that I mean some of us are kind of used to their current workflow and everything so it makes it harder to move to something else in general that said I mean I can understand that it's it's not necessarily trivial it's like that big mountain definitely for people not used to it so yes what option would be to use to have some sort of in like an instance of gitlab that we could use and test drive you know we don't have maybe to switch directly to something but we could try out something right and maybe have two systems at the same time while we figure out how things work and whether it's good for us and I've been told by a Animax person that gitlab is not that bad even for for the kind of person like me who likes to do things in Emacs and have email and stuff so I don't know maybe maybe it's an option I I guess we just need to try out and yeah please yeah it's also about you know trying out another tool and that's quite a lot of work also so that's not people so yeah I mean you know why not have two systems and one cold one you know the incubator or or the teacher or the helper you know where people actually learn and it could actually be managed by different people it doesn't have to be the same thing right this is I think you're talking more about processes then tools right yeah I think we'd I mean if when someone post patches is the remaining list sauce definitely way too often it takes time to get an answer I completely agree but most of the time there are people who try to do some sort of mentorship and it's I think it's it's quite good I would say but obviously it doesn't really scale also and I mean just just because we have two different tools or two different repos let's say doesn't mean that there will be double the number of people to actually do that work and that's that's yeah that's a scalability issue we also don't want to end up in a situation where we have to completely destroying systems that are very important yeah so wait do we want to jump onto it I feel like we've covered that one pretty well do we have to I mean I mean it's not just a useful like doing business this is a hard problem like Debian has is to work but also like you know the project that are working it work like we've got a bug tracker and there are tons of patches that just sit there and just people gonna get around to them and especially people who are not necessarily like who's first patches it is we're not really known in the community like this is kind of element of like you know someone never you kind of might look at the patch earlier there's that element that's kind of just part of like large projects see these are to a certain extent tools definitely help so we need to investigate this video a little vanities and I do think that it is it is easy sometimes to kind of obsessed over believing that tools will fix the problem and that's not necessarily true I mean I do think we should be working on it right but like I mean media Gravlin has a lot of issues in its tractor and it has a web interface bug tracker right and we and if you the average github repository has no shortage of the issues and pull requests right so I mean we there's a lot we can do to make it easier but of course it's easy to kind of put so much faith and if we can only get better tools and that especially happens with programmers right because we love tools right it so but a lot of it is also social - it's there and it's not one or the other it's both I think should we at the the next language to FA s on top of the gal ritual machine yeah so the question is about how we can avoid overlap between Nixon and Geeks or share sharing work here that's a difficult question because I mean so does the low-level part is the same right so in theory we have derivation and Nix has derivation and that's the same thing but then it's not just a technical issue right like geeks is building a fully free distribution for instance whereas next pkg is doing something different which is I mean an important project also but you know we have different thing on different views and how to do things like even packaging or that kind of thing so we can we cannot ignore this part of the problem right it's not just technical but then yes I definitely think that we should at the very least share ideas if not code we are we actually already share code I mean we've been using the build daemon from NYX and it's it's wonderful I mean geeks wouldn't exist without NYX in the first place right but yeah sharing ideas at the very least is something we can do and it's it's cheap right and I'm sure we have a lot to learn from each other and we geek people have a lot to learn from NYX obviously because NYX OS and NYX ups is more mature so yeah we should talk more I would say you you had a questions and we add a confusing [Music] but I think oh that the guarantee this so so Frida's of javascript is definitely a concern of mine i the what a lot but part of the problem is is if the web is also a large ocean that I don't have a lot of control over how much of it it has free JavaScript Gina so I mean you know I guess the best thing you could do in that circumstance is contact them and encourage them to free their JavaScript or you know submit it to a meeting upon instance or something but but anyway are there other questions [Music] all right so yeah I have mixed feelings because right so the question is about how how about having tools in geeks SD that would allow you to quickly hack something as opposed to having to run give system reconfigure right yeah so I
think you know the functional a hundred percent reproducible model is inherently very static and a bit rigid to why I mean we do geek system reconfigure because we want to make sure we have the exact same system as if we had install from scratch right but at the same time I'm also a big fan of geyser and ripples and life hacking and I'm also not fully satisfied with the fact that we have to go through this process every time we just want to make a single change I would like to have something like if you're familiar with zmax like control meter X which means evaluate this expression right now but I I mean it's a hard problem I don't know how to merge the two requirements so I mean I agree with you we need something I just don't know exactly what it should look like I can only say that in my experience so far I really like to reconfigure things I always do you're talking about X's D right I've never actually hacked on the operating system as it is in the store in order to create some effect you know because I really like the guarantees that a reconfigured system gives me this is what always annoyed me about traditional system configuration is that the you make a change here and you make a change there and then you start forgetting exactly what has changed and you try to recreate this and there's just no way to to be sure that you've recreated the the exact same steps and I feel that this should be a thing of the past so if reconfiguration is considered an obstacle the we would have to figure out why that is is it too slow can we make it faster I'd rather not soften the and of the boundaries that we have but let's just me personally no I do however hack on on packages that were already build because sometimes rebuilding everything from sourcing you know that there's really just one it's like it emails Nathan move in you're hacking or new max and you really just want to play with what's there I I did that before just making the store right again but I don't do this regularly alright I can understand the desire to do this it goes against everything that we as an example are built from Hydra dot org so it's not raining geeks SD because it dates back to the days where you could barely install packages with geeks and so it's running twist call I think and we've been hacking around and that machine to the point that we don't really know what's going on there and so we're finally switching to a new bit far from ten which is called Bayfront which is running geeks SD right from the start and I can tell that yes having everything under version control is is wonderful silly about the peer to peer project and it's phenom yeah and the idea of package chain and which is the irrationality detective unit stuff right yeah so yes so the question is about sharing packages over in a b2b a fashion so there was a G sock project on this topic about using glue nets file sharing components and pushing binaries to glue net instead of using HTTP basically and that's I think that something many of us still want to see happening but it's just that technically there are still obstacles one of them is that new net doesn't yet have a stable release process so that makes things a bit more difficult right but yeah for instance during ji-suk the student world bindings for this for goo net guy bindings and also some sort of a proof of concept that would allow you to push binaries to blue net and to kind of retrieve them but it was yeah poof of concept and again as glue net is currently a moving target we don't seem to be able to make much progress on this ones I think we're technically over time but maybe but we can still excuse having at least one more question that probably goes to Ludovic more than anyone but you know no wait literally amber caudill your book maintainer x' but I see 1.0 in 2017 on there what do we need next to get to 1.0 whatever what are what are the next steps I can just read it no one thing that is I think we would all agree is bad about keys at this point is geeks pull and it's also because none of us are using it so we don't feel the pain as often as we should to change it and geeks pole needs to become better gigs Paul is a is anyone using gigs pull here Keeks Paul is very naive implementation right now it gets the latest version of geeks compile that and creates assembling so that the version of geeks you are using is the latest version actually not even true pop part of that yeah so for 1.0 gigs Paul should be extended such that not only it becomes actually usable but we've been thinking about this a lot we've discussed this a lot that we would like to be able to go back in time with gigs so that you can say I would like to have gigs at this particular version without having to use low-level tools like git and checking out an old version and running make there and then using that to build an old version of a piece of software that was available in geeks s history it should be the front end for that so you can have multiple versions of geeks that you can switch to and from and that relates closely to the idea of having channels geeks to geeks poles credit I think it's not obvious how bad it is to most users but that's also to its detriment that they don't know how bad things are under the hood and how much they should be worried okay I shouldn't say yeah just so just to give an idea of how bad it is but I mean fortunately it's not just our problem it's a problem that we share is pretty much any project that uses get nowadays which is that geeks pool is essentially fetching stuff from kids but it does not authenticate what it's fetching all right so like we're fetching from savanah but if there's a man-in-the-middle attack you're fetching a different set of packages and you don't even notice right and that's that's a bit of a problem but it turns out that everyone has this problem with kids I mean so there is work people are starting to realize that it's kind of a problem we need to be able to authenticate checkouts but there is no simple solution right that's the next item on the list perfect so that's that's something we need to work on and for example people these two people have been looking at I mean there is this thing called the update framework Guf and it's great but it's really biased towards these tools that have you know source on one hand and binaries and repos on the other hand like in
Loading...
Feedback
hidden