Dear Hartmut,
On Sat, 6 Jun 2020 at 17:29, Hartmut Goebel
wrote:
> 2. When implementing some "wrapped-fetch" (name tdb), modeled like
> "git-fetch", there is no easy way for the user to verify the hash, as
> this is taken from the "inner" tarball. How does this work with
> substitutes,
Am 02.06.20 um 21:41 schrieb Marius Bakke:
> It would be ideal to have an origin method that could extract the
> "inner" tarball, i.e. contents.tar.gz for hex.pm and data.tar.gz in the
> case of RubyGems. As zimoun mentioned, a good place to start is look at
> how other origin methods are
Hartmut Goebel writes:
> Hi,
>
> was just written in another mail, I'm currently working on a
> erlang/rebar build system. This includes an importer from hex.pm, a
> package repository for elixir and erlang packages. (Since this is build
> into rebar3 I assume it what PyPI is for Python and CPAN
‐‐‐ Original Message ‐‐‐
On Sunday, May 31, 2020 10:19 AM, Hartmut Goebel
wrote:
> Am 30.05.20 um 12:24 schrieb Ekaitz Zarraga:
>
> > I took a look to guix/download.scm I think you just need to check what
> > url-fetch/zipbomb does because the usecase is similar to what you are
> >
Dear Hartmut,
On Sun, 31 May 2020 at 10:21, Hartmut Goebel wrote:
> related to the "wrapped tarball downloader":
Sorry, I have not followed closely this topic, could you provide a
link/entry point about "wrapped tarball downloader"?
> Will this work with Software Heritage? E.g. will Software
Hi
related to the "wrapped tarball downloader":
Will this work with Software Heritage? E.g. will Software Heritage be
able to archive the unwrapped tarbar?
--
Schönen Gruß
Hartmut Goebel
Dipl.-Informatiker (univ), CISSP, CSSLP, ISO 27001 Lead Implementer
Information Security Management,
Am 30.05.20 um 12:24 schrieb Ekaitz Zarraga:
> I took a look to guix/download.scm I think you just need to check what
> url-fetch/zipbomb does because the usecase is similar to what you are looking
> for.
Yes, I've already seen this. And there also is url-fetch/tarbomb. But
this "%store-monad"
‐‐‐ Original Message ‐‐‐
On Saturday, May 30, 2020 10:39 AM, Hartmut Goebel
wrote:
> Hi,
>
> was just written in another mail, I'm currently working on a
> erlang/rebar build system. This includes an importer from hex.pm, a
> package repository for elixir and erlang packages. (Since
Hi,
was just written in another mail, I'm currently working on a
erlang/rebar build system. This includes an importer from hex.pm, a
package repository for elixir and erlang packages. (Since this is build
into rebar3 I assume it what PyPI is for Python and CPAN for Perl.)
At hex.pm, packages are
