Perhaps the most difficult case ever for packagers: They do all the things that make packaging a nightmare:

* Build the tool with itself
* Circular dependencies: Gradle needs to build which needs Gradle to build...
* Depend on snapshots to build releases, but then they don't keep a way to reproduce the snapshot releases github.com/gradle/gradle/issue
* Java-style bundling of all dependencies
* Hidden proprietary depends github.com/gradle/gradle/issue

thanks ebourg for keeping on!

@eighthave That sounds like a rather fragile build tool that can't be built without somoene else's prebuilt binary. Ouch.

Follow

@static yes exactly. its not a good root of trust.

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml