Replying to Avatar frphank

There is also a larger problem here. Your thinking revolves around isolated, single responsitories. But the open source world has repositories referring to one another.

Example: https://github.com/simplex-chat/simplex-chat/blob/stable/cabal.project #L34

The whole chain of repositories must be decentralized and highly available. This is the problem I have to solve.

Avatar
DanConwayDev 1y ago

This is a good point. There is often a lock file referring to a particular state of each dependancy. However centralised package managers are almost always trusted by project maintainers to provide the authoritative latest state. There are usually only a small number of authoratitive package providers for each tech stack with have strategic lock due to network effect and language specific features.

Is this what you mean?

Reply to this note

Please Login to reply.

Discussion

No replies yet.