“What’s in a package” 📦
👉🏼 https://hpc.guix.info/blog/2021/09/whats-in-a-package/
This blog post was inspired by the sweat I put into packaging #PyTorch for #Guix and by a desire to understand what #pip & #CONDA were doing and to explain what’s at stake.
#infosec #ReproducibleBuilds #ReproducibleScience
Cc: @reproducible_builds
@civodul @reproducible_builds Wow, that sounds even worse than what I found in Audacity.
@civodul @reproducible_builds Have you been discussing how to improve this situation with PyTorch upstream?
@be @reproducible_builds No, not yet at least.
There’s been interesting feedback on this blog post:
• LWN: https://lwn.net/Articles/870047/
• HN: https://news.ycombinator.com/item?id=28618074
• Spack developer (angry) on birdsite: https://nitter.net/tgamblin/status/1440547922727227393