• pinknoise@lemmy.ml
    link
    fedilink
    arrow-up
    6
    ·
    3 years ago

    They store (source code) packages as github repos. E.g. rusts package manager cargo uses github repos for its “crates” (libraries). Which sucks because it’s a single point of failure, leaks my third party library usage to github and makes publishing, maintaining and contributing to libraries cumbersome.

    • nutomic@lemmy.ml
      link
      fedilink
      arrow-up
      5
      ·
      3 years ago

      Afaik crates.io only requires a github account for login, but the source code can be hosted anywhere. I know some crates that use gitea.

    • ksynwa@lemmy.ml
      link
      fedilink
      arrow-up
      5
      ·
      3 years ago

      Yeah I agree with that. I feel most projects especially the ones with a lot of users should maintain a mirror somewhere else.