Eugen RochkoI know that Gitlab's debian/ubuntu packages use this: https://github.com/chef/omnibus
Perhaps that's the path for a Mastodon package, too
dave@Gargron I do not recommend it. Bundling all dependencies leads to vulnerable software.
@dthompson Dependency versions are still pinned for each release, so I think that's a moot point.
val@Gargron @dthompson Still, security updates of the OS are not applied to the dependencies.
It means that maintainers of the Mastodon package have to watch carefully security advisories for *all* dependencies and update the package every time.
It means that maintainers of the Mastodon package have to watch carefully security advisories for *all* dependencies and update the package every time.