Ariadne Conill 🐰5d ago

things in alpine that have driven some doubt for me for some time:

- the overall governance situation (not fixed, but maybe marginally improving)

- apkv3 file format (i think it is good to use tarstreams, they are not dangerous)

- APKBUILDs just feel obsolete compared to melange

Show threadAriadne Conill 🐰5d ago
the fact that at least one developer stated that disclosing somebody else's publicly-documented conflict of interest is "doxxing"
Show threadAriadne Conill 🐰5d ago
i think my conclusion is that i want to build something better instead of continue to be a squeaky wheel that people find annoying
Show threadAriadne Conill 🐰5d ago

the fact that developers spend 90% of their time toiling with manually bumping packages, and this is why we "need" AI contributions

this stinks. it's bad engineering.

Show threadCassandrich

@ariadne 90% of the work should be reviewing the changes to packages before bumping them to get at least some degree of confidence that there is nothing unsafe/breaking/hostile in the new version, and that's something that can't be automated.

Whether or not they automate the mechanical act of bumping, that act should be a tiny portion of the actual work of maintaining a distro package.

Jun 24 at 2:17pmWeb
Show threadAriadne Conill 🐰4d ago
@dalias distros generally don't do that level of review, we assume good faith from upstreams unless demonstrated that we shouldn't.
Show threadSertonix4d ago

@ariadne @dalias

You can assume good faith and still need to check if a downstream service/config/patch file needs to change. Stuff like that is not always in release notes (if they exist at all).