I wanted to remind people about this drama from the creator of HA, Frenck toward Nix maintainers packaging Home-Assistant in nixpkgs.

If he behaves in this immature, dictatorial way, it is not a stretch to think that he will eventually close his source code and/or cash in on the popularity of his open source software like the Pi Foundation and OpenAI did to differing degrees.

How it started.

TLDR; Frenck is convinced that he has the right to unilaterally mandate how people package his free, open source software and, in my opinion, will most likely behave with similar lack of integrity/lack of transparency with regards to profiteering off of his work eventually. We should fork the project ASAP to protect it from the power-hungry Luddite in charge (that reminds me of Spez).

  • demesisx@infosec.pubOP
    link
    fedilink
    English
    arrow-up
    0
    ·
    3 months ago

    That immutable state considers the lock files of ALL the dependencies listed and needed to build the software. You don’t seem to understand the technology enough to weigh in.

    It downloads them then compares them with the expected hashes. If they don’t match, it literally won’t build.

    • NeoNachtwaechter@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      3 months ago

      You don’t seem to understand the technology enoug

      Ah. So there are even more people whose fault is that they do not understand…

      ;-)

    • Hawk@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      0
      ·
      3 months ago

      I probably don’t know enough about the project, but how can it know what requirements plugins installed at a later time have?

      • demesisx@infosec.pubOP
        link
        fedilink
        English
        arrow-up
        0
        ·
        3 months ago

        Python generates hashed lock files of every dependency it builds. It simply queries that and matches that against its own builds. If they’re not using lock files and such, there are MUCH bigger problems in that project. ;)

          • demesisx@infosec.pubOP
            link
            fedilink
            English
            arrow-up
            0
            ·
            3 months ago

            Wow. I stand corrected. That’s actually scary. Has anyone mentioned a solution to this glaring issue? It’s fairly trivial to do that by the way. All that needs to happen is to hash the output of each plugin and the version numbers and compatibility issues would be easier to understand and reproducible.

            I’m guessing that those plugins have their own nix derivations that are handled in a more reliable manner. No wonder the dude has extra technical debt popping up! He hasn’t even thought to atomically declare his dependencies.

    • yggstyle@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      3 months ago

      From what I gather here you have a particular flavor of a distribution that does not work with a foss piece of software. This is not uncommon.

      Developers have finite time and energy to put into the development of their platform and likely spend that time supporting their existing user base. Just because you took the time to learn esperanto and think it is a superior language does not mean everyone else must cater to your whims.

      Based on your statements you seem to “understand” nix… Instead of demanding they cater to your needs: Perhaps you should undertake the burden of forking, modifying the code, and supporting the vast ecosystem of addons then. Surely it would be a trivial matter.

      • demesisx@infosec.pubOP
        link
        fedilink
        English
        arrow-up
        0
        ·
        3 months ago

        That’s the thing that NONE of you get. We literally don’t need anything nor are we asking anything of Frenck. We packaged Home-Assistant and there it sits in nixpkgs without ANY involvement from Frenck.

        • fuzzy_feeling@programming.dev
          link
          fedilink
          English
          arrow-up
          0
          ·
          3 months ago

          and that’s what YOU don’t understand:

          you take his software and put it on your platform, without supporting it propperly…

          don’t package it, if you are not willing to support it. simple as that…