NixOS has a pretty solid solution to this issue: key your dependencies with checksums of the content. That way you get the best of both worlds: you always get the exact version you want, and you can share a copy of that exact version with other software that wants to use that exact version too!
Yeah, Nix-like distributions (e.g. guix, lix) do for Linux systems what some language package managers (e.g. cargo) do for individual projects.
Are the xattr / chattr / umask checksums rolled into the main data fork content or are they hashed separately (or not at all)?
So it sounds like you don’t get the exact version you want because metadata is thrown away.
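To make the thread's point concrete, here is an added example (not code from the thread, and not Nix's own NAR serialization, though it follows the same general idea) of content-addressing a directory tree. The hash covers entry names, entry kind, the executable bit, symlink targets and file bytes, and deliberately ignores mtime, owner, read/write mode bits, xattrs and chattr flags. The `demo()` function builds four constructed trees in a temporary directory: two that differ only in ignored metadata (same hash), one where the executable bit differs, and one where a single content byte differs. Paths, payload bytes and the serialization layout are assumptions made for the example.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def _serialize(path: Path, out) -> None:
    """Feed a canonical, metadata-stripped encoding of `path` into `out` (a hashlib object).

    Included: sorted entry names, entry kind, the executable bit, symlink targets,
    file contents. Excluded on purpose: mtime, owner/group, read/write mode bits,
    xattrs and chattr flags. Every variable-length field is length-prefixed so
    that two different trees cannot serialize to the same byte stream.
    """
    st = path.lstat()
    if stat.S_ISLNK(st.st_mode):
        target = os.readlink(path).encode()
        out.update(b"symlink\0" + len(target).to_bytes(8, "little") + target)
    elif stat.S_ISDIR(st.st_mode):
        out.update(b"dir\0")
        for child in sorted(path.iterdir(), key=lambda p: p.name):
            name = child.name.encode()
            out.update(b"entry\0" + len(name).to_bytes(8, "little") + name)
            _serialize(child, out)
        out.update(b"enddir\0")
    elif stat.S_ISREG(st.st_mode):
        kind = b"executable\0" if st.st_mode & stat.S_IXUSR else b"regular\0"
        data = path.read_bytes()
        out.update(kind + len(data).to_bytes(8, "little") + data)
    else:
        raise ValueError(f"unsupported file type: {path}")


def content_hash(root) -> str:
    """SHA-256 of the canonical serialization of the tree rooted at `root`."""
    h = hashlib.sha256()
    _serialize(Path(root), h)
    return h.hexdigest()


def _make_tree(root: Path, payload: bytes, mode: int, mtime: int) -> None:
    """Constructed sample tree: lib/libfoo.so plus a symlink lib/libfoo.so.1 -> libfoo.so."""
    lib = root / "lib"
    lib.mkdir()
    so = lib / "libfoo.so"
    so.write_bytes(payload)
    os.chmod(so, mode)            # only the executable bit of this survives into the hash
    os.utime(so, (mtime, mtime))  # mtime is ignored by the hash entirely
    os.symlink("libfoo.so", lib / "libfoo.so.1")


def demo() -> dict:
    """Return the content hashes of four constructed trees so the differences can be compared."""
    payload = b"\x7fELF constructed sample payload\n"  # constructed, not a real binary
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        a, b, c, d = (base / n for n in "abcd")
        for p in (a, b, c, d):
            p.mkdir()
        _make_tree(a, payload, mode=0o644, mtime=1_000_000)   # baseline
        _make_tree(b, payload, mode=0o600, mtime=2_000_000)   # only ignored metadata differs
        _make_tree(c, payload, mode=0o755, mtime=1_000_000)   # executable bit set
        _make_tree(d, payload[:-1] + b"!", mode=0o644, mtime=1_000_000)  # one content byte differs
        return {name: content_hash(p) for name, p in zip("abcd", (a, b, c, d))}


if __name__ == "__main__":
    for name, digest in demo().items():
        print(name, digest)
```

The practical consequence for the question raised above: whatever a scheme like this leaves out of the hash (xattrs, chattr flags, umask-derived mode bits) is not pinned by the "exact version" guarantee, so the package manager has to normalize those attributes itself when it materializes the tree, or they become a place where two "identical" copies can silently differ.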