unofficial mirror of guix-science@gnu.org 
 help / color / mirror / Atom feed
* “What’s in a package”
@ 2021-09-20 12:36 Ludovic Courtès
  2021-09-21 20:20 ` Katherine Cox-Buday
  0 siblings, 1 reply; 10+ messages in thread
From: Ludovic Courtès @ 2021-09-20 12:36 UTC (permalink / raw)
  To: guix-science, guix-devel

Hello Guix!

I and others are often disappointed (or angry!) when looking at the
weaknesses of the most popular software deployment tools.  I felt that
acutely after packaging PyTorch last month and felt the need to look
more closely at what others are doing and to document our motivation,
having put so much sweat in all these packages:

  https://hpc.guix.info/blog/2021/09/whats-in-a-package/

It’s probably no news to people here, but the packaging approach has a
direct impact on verifiability, and thus on security and transparency,
as expected from a scientific process.  The idea is to explain all that
looking at the contents of packages, in particular for pip and CONDA.

Feel free to share with non-Guix people and to comment!

Ludo’.


^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2021-09-24  9:04 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-09-20 12:36 “What’s in a package” Ludovic Courtès
2021-09-21 20:20 ` Katherine Cox-Buday
2021-09-22 13:32   ` [Spam:]Re: " Konrad Hinsen
2021-09-22 15:02     ` Katherine Cox-Buday
2021-09-22 18:20       ` Konrad Hinsen
2021-09-22 15:44   ` Jonathan McHugh
2021-09-22 19:44   ` zimoun
2021-09-23  7:36   ` Ludovic Courtès
2021-09-23 15:25     ` Katherine Cox-Buday
2021-09-24  9:04       ` Ludovic Courtès

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).