The Manifest

Wherein we discuss Conan, the C and C++ package manager with Diego Rodriguez-Losada as it reaches 1.0. We talk about what inspired the development of Conan, package management problems specific to C/C++ package management and the plans for the future. Note: This episode was recorded 9 months before it was published, so some details may be out of date.Special Guest: Diego Rodriguez-Losada.Links: Conan Conan on GitHub Bintray Bincrafters biicode JFrog Xray Conan hits 1.0 Cpplang Slack Diego's website Diego on Twitter Diego on GitHub SwampUP

Wherein we discuss Clojars, the clojure package manager registry and it's relationship to Maven with Daniel Compton. Special Guest: Daniel Compton.Links: Clojars Datomic Clojure Microsoft Dynamics NAV C/AL programming language Maven The Manifest Episode 6: Maven with Brian Fox Leiningen Boot: build tooling for Clojure cljdoc Maven Artifact Resolver OpenJDK Graal ClojureScript Google Closure Compiler vgo Git Deps for Clojure Deps - Private Maven Repository Hosting Daniel Compton's website Daniel Compton on GitHub Daniel Compton on Twitter Clojars on GitHub

Wherein we chat with Todd Gamblin about Spack, the package manager for supercomputers. We talk the unique challenges that packaging for High-performance computing platforms bring to package management, whether you should mine bitcoins on super computers and what's planned for the future of spack.Special Guest: Todd Gamblin.Links: Spack Spack on GitHub Spack documentation Lawrence Livermore National Laboratory High-performance computering on Wikipedia EasyBuild Spack white paper How To Make Package Managers Cry PubGrub: Next-Generation Version Solving – Natalie Weizenbaum Todd Gamblin on GitHub Todd Gamblin on Twitter Todd Gamblin on The Changelog

Wherein we discuss open source licensing and how that relates to software packaging with Kate Stewart, of Linux Foundation and SPDX.Special Guest: Kate Stewart.Links: Board support package LTIB Software Package Data Exchange (SPDX) DEP5 Freshmeat FOSSology Black Duck Compliance Basics for Developers Choose a License FreeRTOS The `React Patent License’ Controversy SPDX on GitHub librariesio/spdx: A SPDX license normalizer librariesio/license-compatibility: Check compatibility between different SPDX licenses Free Software Foundation FOSDEM 2018 - Legal and Policy Issues devroom Heather Meeker Kyle Mitchell Luis Villa Oracle America, Inc. v. Google, Inc. Spdx-tech mailing list Spdx-legal mailing list Kate Stewart on Twitter

Wherein we discuss typosquatting and other security matters with Adam Baldwin, of Lift security and the Node Security Platform. We cover what kind of exploits people are trying, speculate about how blockchains may well be the answer, and unsuccessfully attempt to start a turf war between various package managers. Special Guest: Adam Baldwin.Links: ^Lift Security npm registry Typo.js on GitHub 52% of All JavaScript npm Packages Could Have Been Hacked via Weak Credentials Have I been pwned? Protect your npm account with two-factor authentication Typosquatting programming language package managers Shellshock Dependency CI The Update Framework package.community crossenv malware on the npm registry Node Security Platform Yarn Adam Baldwin on Twitter Adam Baldwin on GitHub

Wherein we discuss Cargo (the Rust package manager) and Crates.io (the Rust package registry) with Carol (Nichols || Goulding). We talk about the Rust language, the history of the project, the features that make Cargo the envy of all the other package managers, and the sustainability of the project.Special Guest: Carol (Nichols || Goulding).Links: FOSDEM Package Management Devroom CFP Crates.io Cargo on GitHub

Wherein we chat with Trishank Karthik Kuppusamy about The Update Framework, a security layer that lets package managers assure the veracity and integrity of their packages. We talk about how it grew out of the TOR Project, how it works, how Uptane is used for package management in cars (!), and what package maintainers can do to help their own security.Special Guest: Trishank Karthik Kuppusamy.Links: FOSDEM Package Management Devroom CFP The Update Framework The Update Framework on GitHub

Wherein we chat with Brian Fox about all things Maven. We hear the history of Maven Central, war stories, how Minecraft DDoSed the service, and discuss planning for the future of Maven and Java 9.Special Guest: Brian Fox.Links: Maven Maven Central Search Maven Central Repository Sonatype Brian on Twitter Brian in GitHub FOSDEM Package Management Devroom CFP

Wherein we discuss Dart and Pub with Natalie Weizenbaum. We discuss how Dart and Pub are being used and developed within Google and a potential new algorithm for more user friendly dependency resolution error messages.Special Guest: Natalie Weizenbaum.Links: Pub: Dart Package Manager Pub on GitHub Dart programming language AngularDart Flutter Bob Nystrom gclient — gclient Sass: Syntactically Awesome Style Sheets Sass Eyeglass DPLL algorithm - Wikipedia Natalie on GitHub Natalie on Twitter

Wherein we discuss Go and Dep with Sam Boyer. We discuss how he led the improvements to package management for the Go ecosystem and went deep on satisfiability and how it relates to dependency resolution.Special Guest: Sam Boyer.Links: dep on GitHub The Go Programming Language gps on GitHub glide on GitHub The Saga of Go Dependency Management Go Package Management Tools So you want to write a package manager gopkg.in The New Era of Go Package Management Satisfiability - Wikipedia MiniSat Horn clauses The Art of Computer Programming, Volume 4, Fascicle 6: Satisfiability Conflict-Driven Clause Learning Backjumping Gophers on Slack Sam on Twitter Sam on GitHub

Wherein we discuss Rubygems and Bundler with André Arko. We discuss how he became the lead maintainer of Rubygems and Bundler, and what lead him to set up Ruby Together.Special Guest: André Arko.Links: RubyGems Bundler RubyGems on GitHub Bundler on GitHub geminstaller Bundler 2.0 - Breaking Changes Ruby Together Trade association Ruby Central OpenCollective Ulysses pact Contributing to Bundler From no OSS experience to the core team in 15 minutes a day Contributing to RubyGems André's Website André's Twitter André on GitHub

Wherein we discuss CocoaPods, a package manager for macOS/iOS development, with lead maintainer Orta Therox. We discuss how he got started contributing to Cocoapods, the arrival of Swift Package Manager and Orta's latest project, Danger.Special Guest: Orta Therox.Links: CocoaPods CocoaPods on GitHub Eloy Durán CocoaDocs Swift Package Manager CocoaPods App React Native Yarn Danger Peril Danger JS Contributing to CocoaPods CocoaPods on Twitter Orta's Website Orta's Twitter Orta on GitHub

Wherein we chat with Mike McQuaid, the lead maintainer of Homebrew. We discuss how he got started contributing to Homebrew, its differences from Macports, using GitHub as a database, patching upstream, and more.Special Guest: Mike McQuaid.Links: Homebrew website Homebrew on GitHub Homebrew Formula Documentation MacPorts website Max Howell Homebrew Taps Linuxbrew ilovezfs on GitHub Homebrew Analytics Homebrew Code of Conduct Probot: Stale Reproducible Builds Homebrew Bundle Contributing to Homebrew Mike's website Mike's Twitter Mike on GitHub