On Tue, Oct 20, 2015 at 08:51:22AM -0400, David Thompson wrote: > I've grown very tired of trying to convince people that independent user > verification of binary releases is an important thing to prioritize, but > they think that users do not want the source code. I've tried to make > my arguments as clear as I could, yet they've been misunderstood by some > and rejected entirely by others, and now it is time to give up.
As someone with zero Ruby experience, I find this very confusing. Are you saying that they don't think it's necessary to be able to build the Gem "binaries" independently? If that were true, how can RubyGems be a trusted intermediary between software authors and users? How can users verify that the RubyGems people are not distributing malicious "binaries". Am I totally misunderstanding the role of RubyGems in the Ruby world? > This effort has drained too much of my enthusiasm, and now I need a > break. :( We all have experiences like this once in a while. Everyone appreciates the work you do on Guix. Hopefully you can come back with some fresh energy when you are ready!