danhab99@programming.dev to linuxmemes@lemmy.world · 1 day agonixpkgs > aurprogramming.devimagemessage-square33fedilinkarrow-up1248arrow-down125file-textcross-posted to: linux_memes@programming.dev
arrow-up1223arrow-down1imagenixpkgs > aurprogramming.devdanhab99@programming.dev to linuxmemes@lemmy.world · 1 day agomessage-square33fedilinkfile-textcross-posted to: linux_memes@programming.dev
minus-squaremoonpiedumplings@programming.devlinkfedilinkarrow-up12·1 day agoNo, it would actually be quite easy to spot. Nixpkgs templates the source code url fro the url, and then it injects a variable Here is an example from bash: pname = "bash${lib.optionalString interactive "-interactive"}"; version = "5.3${fa.patch_suffix}"; patch_suffix = "p${toString (builtins.length upstreamPatches)}"; src = fetchurl { url = "mirror://gnu/bash/bash-$%7Blib.removeSuffix fa.patch_suffix fa.version}.tar.gz"; hash = "sha256-DVzYaWX4aaJs9k9Lcb57lvkKO6iz104n6OnZ1VUPMbo="; }; If the url were to be changed, it would show up as a change in git when someone is reviewing before merging.
No, it would actually be quite easy to spot.
Nixpkgs templates the source code url fro the url, and then it injects a variable
Here is an example from bash:
pname = "bash${lib.optionalString interactive "-interactive"}"; version = "5.3${fa.patch_suffix}"; patch_suffix = "p${toString (builtins.length upstreamPatches)}"; src = fetchurl { url = "mirror://gnu/bash/bash-$%7Blib.removeSuffix fa.patch_suffix fa.version}.tar.gz"; hash = "sha256-DVzYaWX4aaJs9k9Lcb57lvkKO6iz104n6OnZ1VUPMbo="; };If the url were to be changed, it would show up as a change in git when someone is reviewing before merging.