On Mon, 10 Jul 2023 03:41:59 +0200 Denis wrote: > That same paper from 2019 has some numbers: > +---------------+-----------------------+ > | Debian | over 59 000 packages | > | Maven Central | over 290 000 packages | > | RubyGems | over 150 000 packages | > +---------------+-----------------------+
there is one hugely important factor missing from that numerical comparison - debian repos are curated/audited/vetted, all are built from source, and all source code is provided - simply "adding" 150,00 packages to guix sounds like a big deal? - consider that _none_ of them have yet been audited by anyone who cares about licensing > So here we have 3 cases: > - Repositories that are 100% free software -> nothing to do. only one is known (cabal) > - Repositories that are not 100% free software but have strict > licensing -> Can be fixed somehow with the same approach than R. only one is known (flatpack) > - Repositories with lax licensing information: Very complicated to fix. that is all the rest (dozens of repos)
