github
nixpkgs
github | nixpkgs | |
---|---|---|
30 | 975 | |
2,146 | 15,753 | |
- | 2.2% | |
3.0 | 10.0 | |
almost 3 years ago | about 23 hours ago | |
Nix | ||
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
github
-
How I Fixed GitHub's Repo Traffic Insights ๐ ๏ธ ๐
While looking for solutions, I realized that many developers face similar challenges. This issue is widely discussed, particularly in a GitHub thread: Track traffic to GitHub repo longer than 14 days #399.
-
Organizing Multiple Git Identities
Probably the older email address is still the primary one for the GitHub account.
GitHub took it upon themselves to change email addresses and author names when merging via the UI buttons like "Squash and Merge" in 2018 and then again in 2019. See <https://github.com/isaacs/github/issues/1368> for the tedious details.
Essentially the post-2019 behaviour seems to be that where possible with "Squash and Merge" they will set noreply@github as the committer so that they can sign the merged commit themselves, and set author name & email to what they have recorded for the GH account involved (and the signature is then a record that GH have verified that account's involvement).
Personally I think it is shocking that they ignore the name and email address that the actual author of the commit has selected. This is both a violation of the author's intentions -- for example, you may set work and personal email addresses in different repositories as discussed here, but GitHub will rewrite them all to the same thing when other people press "Squash and Merge" on your pull requests -- and potentially a doxxing security risk.
I have considered re-reporting this to GitHub via the newer community discussions or via support again, but given the extent to which they've ignored all such reports over the last five years it is hard to find the motivation to do so.
- GitHub prevents crawling of repository's Wiki pages โ no Google search
-
How do Commercial Open Source Startups manage GitHub insights > 14 days? Is everyone using a workaround? How are "unique" cloners and viewers kept track off?
However, there is a massive issue. Github by default truncates insights to t-14 days (where t = today). This is super annoying as there is a discontinuity in data. There is also an archived issue on Github regarding this. The issue has a whopping 119 comments and has been around for over 8 years now. Basically, from the discussions there - Data you don't persist today will be gone 14 days from now. And looks like Github hasn't done anything about it.
-
Reimplementing the Coreutils in a modern language (Rust)
> Hi, people have made money using my code and I also donโt care
looks like everyone's missing the point.
> I understand this is upsetting to you
Again, maybe I am on another level of comprehension, so I don't understanda why it is so hard for someone to get it, but I am not upset by that, at all.
I simply know that those who think "it will be fine" are delusional and don't know what they are talking about!
So I just will paste some link to relevant news here, maybe it will make things clearer.
It includes the opinion of Antirez, father of one of the most successful OSS ever: Redis. Maybe his words will open your eyes and tear the veil of Maya.
(spoiler ahead alert!)
Basically you work for free and people don't even thank you and the maintainer ends up being doxed or blamed or pushed aside and in the long term the only solution to keep sanity is to resign
https://www.jeffgeerling.com/blog/2022/burden-open-source-ma...
https://www.theregister.com/2022/01/13/opensource_apacheplc4...
https://nolanlawson.com/2017/03/05/what-it-feels-like-to-be-...
https://old.reddit.com/r/linux/comments/z14tt2/reason_why_op...
https://github.com/isaacs/github/issues/167
http://web.archive.org/web/20221217180915/http://antirez.com...
-
Git archive checksums may change
I don't know what the fuss is all about. It was publicly known that Github was breaking automatic git archives consistency for many years. Here is a bug on a project to stop relying on fake github archives (as opposed to stable git-archive(1)):
https://bugzilla.tianocore.org/show_bug.cgi?id=3099
At some point it was impossible to go a few weeks (or even days) without a github archive change (depending on which part of the "CDN" you hit), I guess they must have stabilized it at some point. Here is an old issue before GitHub had a community issue tracker:
https://github.com/isaacs/github/issues/1483
-
Keeping a Project Bisectable
Hello, I see you stepped on my favourite personal soapbox! :)
https://github.com/isaacs/github/issues/1017
I really, really like semi-linear branching/merging. I.e. always rebase-merging, but with a merge commit.
Reasons, in comparison to Github's "rebase merge" which doesn't produce a merge commit:
1. It makes it clear which commits were part of one PR
2. It makes it clear who did the merge
3. It's okay to not have every commit build. but the one being merged will.
4. Still pretty bisectable. You'll narrow things down at least to the PR that caused an issue, and from there it's usually quite simple.
5. Looks very tidy in gitk & Co
-
Documenting My Work Again: hypothes.is
Not to say that the feature isn't coming to FOSS git services.. Just that even proprietary organizations have had issues with taking a while to implement them.
-
Keyless Git signing with Sigstore!
Oh this is cool actually! Nice! One of the grievances I have with github commit signing is this issue https://github.com/isaacs/github/issues/1099
-
Attempting to transfer a repository upon resigning from a company (warning I'm a noob)
In addition, you probably want to read this discussion. https://github.com/isaacs/github/issues/1138
nixpkgs
-
Nix: The Breaking Point
I don't think so. The article is probably intended for the Nix community, so the author doesn't need to convince HN that something is going on. If as an outsider you are interested then you need to look into it yourself, the community has no obligation to make their internal conflicts legible to the outside world.
As an outsider myself, it certainly looks like something is going on as more than 20 Nixpkg maintainers left in a week: https://github.com/NixOS/nixpkgs/issues?q=label%3A%228.has%3...
- Maintainers Leaving
-
Air Force picks Anduril, General Atomics to develop unmanned fighter jets
https://github.com/NixOS/nixpkgs/commits?author=neon-sunset
-
Eelco Dolstra's leadership is corrosive to the Nix project
I see two signers in the top 6 displayed on https://github.com/NixOS/nixpkgs/graphs/contributors
-
3rd Edition of Programming: Principles and Practice Using C++ by Stroustrup
For a single file script, nix can make the package management quite easy: https://github.com/NixOS/nixpkgs/blob/master/doc/languages-f...
For example,
```
- NixOS/nixpkgs: There isn't a clear canonical way to refer to a specific package
-
NixOS Is Not Reproducible
Yes, Nix doesn't actually ensure that the builds are deterministic. In fact it works just fine if they aren't. There are packages in nixpkgs that aren't reproducible: https://github.com/NixOS/nixpkgs/issues?q=is%3Aopen+is%3Aiss...
-
The xz attack shell script
I'm not familiar with Bazel, but Nix in it's current form wouldn't have solved this attack. First of all, the standard mkDerivation function calls the same configure; make; make install process that made this attack possible. Nixpkgs regularly pulls in external resources (fetchUrl and friends) that are equally vulnerable to a poisoned release tarball. Checkout the comment on the current xz entry in nixpkgs https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/comp...
-
Debian Git Monorepo
NixOS uses a monorepo and I think everyone's love it.
I love being able to easily grep through all the packages source code and there's regularly PRs that harmonizes conventions across many packages.
Nixpkgs doesn't include the packaged software source code, so it's a lot more practical than what Debian is doing.
https://github.com/NixOS/nixpkgs
-
From xz to ibus: more questionable tarballs
In this specific case, nix uses fetchFromGitHub to download the source archive, which are generated by GitHub for the specified revision[1]. Arch seems to just download the tarball from the releases page[2].
[1]: https://github.com/NixOS/nixpkgs/blob/3c2fdd0a4e6396fc310a6e...
[2]: https://gitlab.archlinux.org/archlinux/packaging/packages/ib...
What are some alternatives?
Custom-Scenes - Please go to https://github.com/Notexe/h3-custom-scenes instead. Hitman 3 custom scene experimentation using ResourceTool + QuickEntity + simple-mod-framework + RPKG Tool
asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
Signal-Server - Server supporting the Signal Private Messenger applications on Android, Desktop, and iOS
Home Manager using Nix - Manage a user environment using Nix [maintainer=@rycee]
git2html - github clone of http://hssl.cs.jhu.edu/~neal/git2html/
git-lfs - Git extension for versioning large files
Monocypher - An easy to use, easy to deploy crypto library
easyeffects - Limiter, compressor, convolver, equalizer and auto volume and many other plugins for PipeWire applications
create-branch-from-issue - Creating branch from issue on Github, tampermonkey script
spack - A flexible package manager that supports multiple versions, configurations, platforms, and compilers.
mollyim-android - Enhanced and security-focused fork of Signal.
waydroid - Waydroid uses a container-based approach to boot a full Android system on a regular GNU/Linux system like Ubuntu.