I wanted to remind people about this drama from the creator of HA, Frenck, toward Nix maintainers packaging Home-Assistant in nixpkgs.

If he behaves in this immature, dictatorial way, it is not a stretch to think that he will eventually close his source code and/or cash in on the popularity of his open source software like the Pi Foundation and OpenAI did to differing degrees.

How it started.

TL;DR: Frenck is convinced that he has the right to unilaterally mandate how people package his free, open source software and, in my opinion, will most likely behave with similar lack of integrity/lack of transparency with regard to profiteering off of his work eventually. We should fork the project ASAP to protect it from the power-hungry Luddite in charge (that reminds me of Spez).

  • demesisx@infosec.pub (OP) · 2 months ago

    Python generates hashed lock files of every dependency it builds. It simply queries that and matches that against its own builds. If they’re not using lock files and such, there are MUCH bigger problems in that project. ;)

      • demesisx@infosec.pub (OP) · 2 months ago

        Wow. I stand corrected. That’s actually scary. Has anyone mentioned a solution to this glaring issue? It’s fairly trivial to do that, by the way. All that needs to happen is to hash the output of each plugin and the version numbers and compatibility issues would be easier to understand and reproducible.

        I’m guessing that those plugins have their own nix derivations that are handled in a more reliable manner. No wonder the dude has extra technical debt popping up! He hasn’t even thought to atomically declare his dependencies.