Gentoo Archives: gentoo-project

From: Anna Vyalkova <cyber+gentoo@×××××.in>
To: gentoo-project@l.g.o
Subject: Re: [gentoo-project] Call for agenda items - Council meeting on 2022-02-13
Date: Thu, 10 Feb 2022 12:02:25
Message-Id: YgT+yojWS/s0HpRi@sysrq.in
In Reply to: Re: [gentoo-project] Call for agenda items - Council meeting on 2022-02-13 by "Robin H. Johnson"
On 2022-02-09 23:16, Robin H. Johnson wrote:
> Yes, Go is the biggest nail sticking out right now, but it's a growing
> problem overall.
> - Golang modules
> - Rust crates
> - NodeJS modules
> - Texlive packages
>
>
> Third party systems would be required to provide suitable security on
> their distfiles. Go & Rust do. I think NodeJS & Tex don't, but I'm happy
> to be proven wrong.

package.lock files have "integrity" keys:
https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json#integrity

Texlive repository files (texlive.tlpdb) have checksums of every package
in them
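
The "integrity" keys mentioned in the message above are Subresource Integrity strings (algorithm name, a dash, then the base64 digest). The following is an added example, not part of the original message and not code from Gentoo or npm: it collects the pinned values from a parsed lockfile and checks a fetched distfile against one. The package name, URL and tarball bytes are constructed placeholders, and rejecting sha1-only pins is a policy choice assumed here.

```python
import base64
import hashlib
import hmac

SRI_ALGOS = ("sha512", "sha384", "sha256")  # accepted digests, strongest first

def lock_integrity(lock):
    """Map each 'resolved' URL in a parsed lockfile to its 'integrity' string."""
    found = {}
    def walk(entries):
        for entry in entries.values():
            if not isinstance(entry, dict):
                continue  # newer lockfiles keep name -> range strings here
            if "resolved" in entry and "integrity" in entry:
                found[entry["resolved"]] = entry["integrity"]
            walk(entry.get("dependencies", {}))  # nested entries (lockfile v1)
    walk(lock.get("dependencies", {}))
    walk(lock.get("packages", {}))  # flat map in newer lockfile versions
    return found

def _matches(digest, b64):
    try:
        expected = base64.b64decode(b64, validate=True)
    except ValueError:
        return False
    return hmac.compare_digest(digest, expected)

def verify_sri(data, integrity):
    """True if data matches the strongest supported digest in the SRI string."""
    by_algo = {}
    for token in integrity.split():
        algo, _, b64 = token.partition("-")
        by_algo.setdefault(algo, []).append(b64.split("?", 1)[0])
    for algo in SRI_ALGOS:
        if algo in by_algo:
            digest = hashlib.new(algo, data).digest()
            return any(_matches(digest, b64) for b64 in by_algo[algo])
    return False  # nothing supported (for example sha1 only): reject

# Constructed sample: a stand-in distfile and a lockfile entry that pins it.
TARBALL = b"constructed stand-in for example-pkg-1.0.0.tgz"
URL = "https://registry.example/example-pkg/-/example-pkg-1.0.0.tgz"
PIN = "sha512-" + base64.b64encode(hashlib.sha512(TARBALL).digest()).decode()
LOCK = {"lockfileVersion": 1, "dependencies": {
    "example-pkg": {"version": "1.0.0", "resolved": URL, "integrity": PIN}}}

if __name__ == "__main__":
    pinned = lock_integrity(LOCK)[URL]
    print(verify_sri(TARBALL, pinned), verify_sri(TARBALL + b"!", pinned))
```

When an integrity string lists several digests, only the strongest supported algorithm is checked, so a weaker digest that still matches cannot vouch for a file whose sha512 does not.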
