So we have DHH with his unhinged posts on one side, and Arko wanting to sell PII on the other. Great!
I think we need an f-droid-like project for Rubygems that builds the gems from source, and takes care of signing, and is backed by a non-profit that is independent from Rails/Shopify
Gem can pull in gems from any repository, even straight from a git server like GitHub. And most of the time gems are built from scratch on your computer, Nokogiri is the only one I can think of that isn't.
The problem, as with every package manager, is transitive dependencies. It's all well and good to set up direct dependencies to only pull from git repositories, but bundler still needs a way to resolve those gems' dependencies.
You could pre-resolve every dependency in your chain to a git repository, even to a fork under your own control, but that will end up being a maintenance nightmare.
Can't a middle compromise happen as it happens in something like golang?
Can some vps/serverless provider not do this like fly.io as an recent example with kurt got got? or hetzner?
I think that golang's model can actually be sort of cheaper/ more cost effective for servers as compared to how ruby might be doing it right now and so cheaper might mean that a new non profit can be created which can work on less money/outside funding/drama overall
Retrofitting Go's dependency model into Ruby is not trivial. Go has used full URLs for dependencies from the jump, making a central package repository irrelevant. Ruby doesn't have that. At best you might have a source code URL in the gem source that you can access from a gem server, but that doesn't really anything. Someone still has to provide the index.
> I think that golang's model can actually be sort of cheaper/ more cost effective for servers as compared to how ruby might be doing it right now and so cheaper might mean that a new non profit can be created which can work on less money/outside funding/drama overall
It also means no code signing and the natural capture of most of the ecosystem by Microsoft (due to devs preferring to host their code on github, a bundler that lacks package hosting will be entirely at the whim of MS)
If you are worried about github/MS capture...
Then my suggestion is to just create mirrors of golang projects you like on gitlab/codeberg
But this is so so much better than having arko or somebody having your PII.
Like I hate github but I am pretty sure that people there aren't actively looking for my PII when I download go projects or that a single person couldn't really access it I suppose
I am not really familiar but if I remember the heads project related to coreboot isn't there a way to sign your github repository with your ssh key or something related (I can be wrong, I usually am)
Like I know it could be a pain in the ass but if you are so worried about github, what if we could optionally have everything be gpg'd via ssh keys & the project could only work if someone shares a ssh key
And something like rubygems could just have a name <-> github mapping <-> gpg mapping and it might require some additional software right now but I am just giving ideas maybe for new languages as well I am not sure
What are your thoughts? And what do you think the ideal way could be. I have heard from many people (like primagen) that golang is the best package model and I also resonate with that statement but yeah github is a bit of menace/threat to open source
All the more reason to use something like codeberg!
Not even sure why you are being downvoted, this is such a great idea actually.
F-droid has been so professional and they are just so professional
There was this developer (axet) who recently accused f-droid of somehow convincing the users "maliciously" that the funds are going to the the creator and f-droid when in reality it was going to f-droid and he name called them and what not..
Do you know what f-droid team still said?
They said that they can help him in the donation process and remove theirs and they actually took some feedback from what I know...
They clarified that the donations in their about page that the money that you donate through f-droid in their website's homepage donate goes to f-droid only which should be obvious but for some it wasn't
they also had f-droid donate in the website links of apps and I am not sure when they stopped it but they also stopped it and I deeply deeply respect it.
Like, okay maybe mistakes happen but f-droid is seriously good corporation. We might need something like that for sure. I genuinely think that out of thinking about open source so much, I realized that we need to have priorities to share things about open source.
F-droid is on the top of the list, its just that great, then there is signal/grapheneos or maybe all 3 are on top...
F-droid as an organization is something that I deeply appreciate and its a shame of google's attestation. I genuinely love f-droid nowadays.
> Not even sure why you are being downvoted, this is such a great idea actually.
Expressing negative opinions about DHH is not well-received here.
Oddly enough the Ruby community includes both the most thoughtful and gentle people and the biggest assholes I know... I refuse to believe the latter are not fringe.
DHH is not a good guy but the hype around him made me feel so. He's weird and racist and fascist.
Stop the hype around dhh and everyone please read the article everybody here's DHH reality
Let’s ditch the superlatives and review David’s post objectively:
He thinks that even if you were born in the UK, you only count as British if you’re white.
He wouldn’t consider living in London specifically because it has too many people of color.
He uses racist tropes to accuse Asian men of being dangerous predators who attack white women.
He pushes debunked conspiracy theories about immigrants replacing white people.
He finds a march where speakers called for banning all non-Christian religions and ethnically cleansing immigrants “heartwarming”.
Finally — and maybe most alarmingly — he argues that all of the above is normal and not extreme.
You can use whatever word you want to describe all that. But if you, like me, didn’t realize that this is who DHH is, we can probably agree that he’s way worse than we thought.
The above lines were from the article
This guy shouldn't remotely be talked about in a good light imo, yes I appreciate open source but I can't seperate the art from the artist.
I genuinely don't know why they defend this guy.
HN literally flaged this post in literal minutes when it had come out but I was lucky to have read it and I will continue to spread this word because HN's moderators seem to flag anything like this and its kinda sick and enabling behaviour really
They will allow the post that cf is sponsoring omarchy promotion thing or omarchy links in general but not a dhh-is-way-worse-than-i-thought/and I was surprised by how quickly they deleted the post that after I had read that post, it got flagged and I couldn't even write a comment.
A little bit Shocking if I can be honest.
I was on omarchy but now I am on cachyos hyprland and I learnt some custom live iso stuff too, I might make an article about it... I edited this because maybe I got a little angry towards DHH but I genuinely don't like the guy. I genuinely admired him as a person untill I found about it and I have strong opinions on him.
I think its the paradox of tolerance, should we as a society be tolerant to the intolerant people?
I hope that you have read the article but they have given a sound reasoning behind it.
DHH mentions 39% or something which was the population of native white and not native british as an example...
Please read the article link and they have given a proper sound reasoning...
>Do you legitimately believe DHH would say those are his beliefs?
Yes, I mean, DHH wrote it in his own blog post. There is still an argument to be made that DHH is far right but even he knows that it is bad and somehow tries to normalize it...
DHH might not say that these are his beliefs but his words in his blogs logically point to this conclusion. Why do you think that DHH said those words in his blogpost if he doesn't believe in such similar far right ideologies? Nobody forced him to write a blog post but himself...
Why do you think such things are not what DHH believes in? Do you have any evidence as the author of the article provides for their reasoning/interpretation?
> Why do you think such things are not what DHH believes in?
Because the one thing DHH doesn't do is shut up.
He hasn't really been the kind of person who minces words, he says what he thinks, and he is pretty unafraid of pissing people off. If he wanted to make explicit racist statements, it feels like he would make them.
My read is that this is broader commentary on civic/cultural integration. There are, fundamentally, immigration challenges that present themselves in modern society, especially when cultural values are different. I don't know that it's wise to believe that everyone will eventually see the world the same way, and we are then left with a question of how to reconcile that as we develop our societies and cultures.
Tommy Robinson is a violent anti-Islamic voice -- But, we've unfortunately found ourselves with those voices being the ones willing to speak to the problem that a growing portion of the population feels is unaddressed.
I don't think these are easy problems. I also cringe at calling Robinson's march "heartwarming" without qualification.
Yet I still am not willing to, without much stronger and more explicit evidence, read into DHH's words and label him a `far-right racist` -- Because I think that label loses effect when it's applied to every person that we disagree with on certain policy issues.
I think we need an f-droid-like project for Rubygems that builds the gems from source, and takes care of signing, and is backed by a non-profit that is independent from Rails/Shopify