Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That justification doesn't work here - I provide vendored tarballs, so the source code availability argument is moot.


But it’s not guaranteed. The Debian way provides a method of allocating responsibility. So if anything does go wrong they can point to a responsible party, the package maintainer. By providing tarball source you’re trying to placate responsibility of some code. You could build those tarballs on a different machine/different OS and any issues wouldn’t technically be your problem because “it’s just deps”.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: