by packetlost 710 days ago
At some level of complexity/edge-case-ey-ness you just need arbitrary execution to get things done. At some point you need to accept that if you're pulling in a dependency, you trust the authors of that code enough to execute their code. That being said, getting project version, deps, etc. should be statically available for packages, but being computed from source isn't the worst thing IMO, though it's not what I would go with.
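The distinction the comment draws (metadata that can be read statically versus metadata that a build backend has to compute by running code) is concrete in Python packaging: a PEP 621 `[project]` table declares `version` and `dependencies` as literals, and any field listed under `dynamic` can only be obtained by executing the build backend. The example below is added here and is not the commenter's code or any project's; the two `pyproject.toml` documents are constructed inline, and the `read_static_metadata` function name is this example's own. It reads the metadata without executing anything and refuses when a requested field is marked dynamic.

```python
# Added example: extract version/dependencies from a pyproject.toml
# without running a build backend, and detect when that is impossible.
try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:  # pragma: no cover
    import tomli as tomllib  # assumption: the tomli backport is installed on older interpreters

# Constructed sample: everything we want is a literal in the [project] table.
STATIC_PYPROJECT = b"""
[project]
name = "example-pkg"
version = "1.2.3"
dependencies = ["requests>=2.31", "cryptography"]
"""

# Constructed sample: version and dependencies are computed at build time,
# e.g. from a VCS tag or a requirements file, so the backend must run code.
DYNAMIC_PYPROJECT = b"""
[project]
name = "example-pkg"
dynamic = ["version", "dependencies"]
"""

WANTED_FIELDS = ("version", "dependencies")


def read_static_metadata(pyproject_bytes: bytes) -> dict:
    """Return name, version and dependencies from the [project] table.

    Only parsing happens here; no setup.py, no build backend, no hooks.
    Raises ValueError if any wanted field is listed under `dynamic`
    (meaning code execution would be needed to learn it) or is simply absent.
    """
    data = tomllib.loads(pyproject_bytes.decode("utf-8"))
    project = data.get("project")
    if project is None:
        raise ValueError("no [project] table; metadata would require running the build backend")

    dynamic = set(project.get("dynamic", []))
    needs_execution = [f for f in WANTED_FIELDS if f in dynamic]
    if needs_execution:
        raise ValueError(f"fields computed at build time (code execution required): {needs_execution}")

    missing = [f for f in WANTED_FIELDS if f not in project and f != "dependencies"]
    if missing:
        raise ValueError(f"fields neither declared nor marked dynamic: {missing}")

    return {
        "name": project["name"],
        "version": project["version"],
        "dependencies": list(project.get("dependencies", [])),
    }


if __name__ == "__main__":
    print(read_static_metadata(STATIC_PYPROJECT))
    try:
        read_static_metadata(DYNAMIC_PYPROJECT)
    except ValueError as exc:
        print("refused:", exc)
```

The useful check for a dependency-review or lockfile tool is the `dynamic` list: if `version` or `dependencies` appear there, the only way to resolve them is to trust and execute the package's build code, which is exactly the trust decision the comment describes.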