Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Would you recommend a different distribution mechanism? The Apple binaries are all signed (in accordance with Apple policies), and the team has historically invested significantly in supply chain security. e.g. (a now 2 year old article)

https://opensource.googleblog.com/2022/09/flutter-slsa-progr...



I'm in the camp of "if I can't build it, then it's not open source" so https://github.com/Homebrew/homebrew-core/blob/d314f3ebba9e7... is a good start, but there is no .../f/flutter.rb although there is https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=flutt... but I haven't been soaking in the AUR ecosystem long enough to be able to port it to Homebrew

All those words to say that if there was a .github/workflow/release.yml showing the steps required to cook a release artifact that would be the best(?) documentation since it is kind of like a Dockerfile in that it's computer executable but mostly human readable

I don't mean to poo-poo all the "supply chain security" effort, but you have to recognize that right now it's "trust me, bro" since https://github.com/Homebrew/homebrew-cask/blob/27c351ccb59fb... does check the sha256, and good for them, but gives me no way to trace back to any file in https://github.com/flutter/flutter/tree/3.24.4




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: