I wanted to remind people about this drama from the creator of HA, Frenck, toward Nix maintainers packaging Home-Assistant in nixpkgs.
If he behaves in this immature, dictatorial way, it is not a stretch to think that he will eventually close his source code and/or cash in on the popularity of his open source software like the Pi Foundation and OpenAI did to differing degrees.
TL;DR: Frenck is convinced that he has the right to unilaterally mandate how people package his free, open source software and, in my opinion, will most likely behave with similar lack of integrity/lack of transparency with regard to profiteering off of his work eventually. We should fork the project ASAP to protect it from the power-hungry Luddite in charge (that reminds me of Spez).
Python generates hashed lock files of every dependency it builds. It simply queries that and matches that against its own builds. If they’re not using lock files and such, there are MUCH bigger problems in that project. ;)
Plugin systems don’t rely on lock files; they’re not part of the build at all.
Wow. I stand corrected. That’s actually scary. Has anyone mentioned a solution to this glaring issue? It’s fairly trivial to do that by the way. All that needs to happen is to hash the output of each plugin and the version numbers and compatibility issues would be easier to understand and reproducible.
I’m guessing that those plugins have their own nix derivations that are handled in a more reliable manner. No wonder the dude has extra technical debt popping up! He hasn’t even thought to atomically declare his dependencies.