zopsicle
commented
5 years ago We can now automatically generate cpan.nix. ecosystem.nix will not be automatically generated because that seems to be impossible to do reliably without formalized releases.
Closed zopsicle closed 5 years ago
zopsicle
commented
5 years ago We can now automatically generate cpan.nix. ecosystem.nix will not be automatically generated because that seems to be impossible to do reliably without formalized releases.
With so many modules being uploaded continuously it is impossible to maintain this file by hand. Generate it automatically whenever new packages appear in the ecosystem. A timer can do this and create a PR or even push directly to master.
This may be seen as a security vulnerability, since we would not be auditing the code. However, I think that would be up to the user of META62Nix, not the maintainers. And if they already have META62Nix pinned, this is not an issue until they upgrade. And once the upgrade, they can verify the packages themselves since those are all pinned in ecosystem.nix.