@tesfabpel @blog Correct, the Cargo dependencies are packages in source code form, although in Debian, we only have one version of each package (the latest if possible, although sometimes there are complications or not enough people doing the work so it lags behind), so when you have a package that depends on many exact versions of Cargo dependencies, then it starts becoming a problem.
@alexanderkjall @blog Yikes, that talk contains some scary content, I didn't realise Nixos doesn't check uploads and that people can just include anything from Flatpacks to binaries from .debs (even non-free) in their Nixos packages! Sounds like they need something like Debian's ftpmaster team to review packages and a stronger packaging policy!
- replies
- 0
- announces
- 0
- likes
- 1