Hacker News new | ask | show | jobs
by yread 10 days ago
Nuget/.NET ecosystem just handles it so much better. Netvips assumes libvips is available and they provide packages for common platforms. No need to waste electricity rebuilding stuff, or install native build chains, build and test deps. Similar for Skia or Sqlite or whatever.
2 comments
jcupitt 9 days ago
sharp does this too:

https://sharp.pixelplumbing.com/install/#prebuilt-binaries

it can sometimes need to compile the C++ shim that sits between node and libvips, but that's rare.

link
tom1337 10 days ago
but how can you verify that the prebuilt binaries aren’t compromised?
link
voidUpdate 9 days ago
Out of interest, do you verify that every single binary file on your machine isn't compromised? All the packages coming from your package manager?
link
tom1337 9 days ago
I absolutely don't. I even sometimes use "curl | bash" to install new things on my machine because most of the time it's easy and I tend to trust the authors.

My point was just that I don't think moving to pre-built binaries solves this issue.

link
jcupitt 9 days ago
sharp downloads over https and checks the sha256 (I think?) of the archive.
link