Closed RustoMCSpit closed 2 months ago
I am going to say no to this, for several reasons:
so with those the project does not inspire confidence and I do not want to be part of it. I could understand the discord part, but lack of transparency regarding the origin of the builds/binaries is a big red flag. you are basically incentivizing users to download and run random binaries that they have no way to verify to not be malicious.
I will reconsider my stance once studiorack project gets reproducible builds, with publicly visible logs for them. until then it is hard no.
I will reconsider my stance once studiorack project gets reproducible builds, with publicly visible logs for them. until then it is hard no.
please contact the dev with all of your issues, it's a solo project so forgive them for shortcomings. just make issue requests here https://github.com/studiorack
heres the email if you need it hello@kimturley.co.uk
also, revolt is a foss clone of discord so if you make that issue request tell them that
i contacted about discord, please do the rest!
Hello, I am the creator/author of StudioRack open-source plugin management system.
Firstly thanks @RustoMCSpit for trying out my tool and for encouraging others to take a look. I have done everything myself so far and it is nice to have some help!
@falkTX Nice to meet you, I have seen many of your projects and you really have made difference in the open-source music world. So thank-you for that!
I will caveat that StudioRack was entirely created by myself in a vacuum, so there will likely be areas I overlooked and could definitely improve. I welcome feedback and suggestions for improvements!
Addressing the concerns raised:
If you click on the plugin author name, it will take you to the source code. It is a little bit hidden. I will work on making it more obvious!
Yes you're 100% right here, the builds were manually added as releases by me. So in theory I could've injected malicious code. This was a short-term solution until I had the GitHub actions pipelines auto-building plugins.
I created templates for each plugin framework here: https://github.com/orgs/studiorack/repositories?q=template Which will run the build for Linux, Mac, Win and add the plugin.json the images and audio and create the release from a git tag. I managed to get it working for a few plugins, but every repo is different and got stuck on some.
My plan was to add the pipeline automation to all plugins, instead of manual releases. Which would solve this point!
I was not aware of concerns with Discord and open-source. I am a member of sfz, sfizz, Owlplug, audioprogrammer Discords and it has not been mentioned. If this is a blocker I could absolutely consider migrating there. I just signed up and looked for audio plugin servers, couldn't find any but perhaps they are private?
@RustoMCSpit has created issues against my repos to address concerns, so I will address them there. feel free to open more issues and I hope I can make it a better tool for everyone to use!
3. Use of Discord
I was not aware of concerns with Discord and open-source. I am a member of sfz, sfizz, Owlplug, audioprogrammer Discords and it has not been mentioned. If this is a blocker I could absolutely consider migrating there. I just signed up and looked for audio plugin servers, couldn't find any but perhaps they are private?
revolt is a tiny community, youll have to post links in your readme and people will join eventually and tell your discord to migrate over
Description
It's an open-source plugin manager called StudioRack: https://github.com/studiorack
The aim of the project is to provide a free open-source way to manage plugin dependencies and their versions. It would involve the following steps: