i3_relativism wrote:has anyone looked into nerdctl
is lincensed under apachev2 and seems like a decent alternative to docker not sure if it is entirely libre or if has sane dependencies but would be interesting to investigate:
https://github.com/containerd/nerdctl
P.S. added it here so i dont forget aboout it
Cheers
Problem here is the implementation within go. We need to be very careful looking as we only use gcc-go. For reference there: https://go.dev/doc/install/gccgo
The version implemented within gcc-go is therefore behind the official go released. And that is only again "corporate open-source". So in favor for community-driven software we only stay at gcc-go. And that's the problem for many packages and software-projects using this.
i3_relativism wrote:i noticed that python-flask was removed believ that is a mistake given it is a very lighweight software and usefull for many devs, has well has being usefull for our own website implementation in the future.
If Im missing something please let me know.
No not really a mistake: The risk is quite too high for further vulnaribilities as the removal was based on python-werkzeug which has enough problems, just the newest one: https://security.snyk.io/vuln/SNYK-PYTH … UG-3319936
I have even tried to upgrade both packages just last week but then discovered the newest reports again.
Both packages can for sure return here in the forums as separate PKGBUILDs for individual usage. 
To understand: Lightweight is fine, but we have to be careful for too much web-driven packages as they are for sure the way for vulnerablities to come. And python-flask has also enough CVE-reports, some very severe depending on the used version. So the more people support within parts like that, the more packages can be controlled. Until we have only a small team we can only respect the reports and with enough risk remove the packages before any kind of damage could be caused as we beed also respect dependencies: Just upgrading is then not always a solution when some other software depending is no longer working.
And just to add a personal note: Even when the "world" and "people" think the "future" is in the web, I state here a clear NOPE. The "web" we are using for the moment is a big bloated landscape of different protocols and most of them are full of security-issues and growing as I even write those lines here. With what was original intended is this no longer in any way comparable. A big kind of joke and nice fairy-tale with people using it every day not knowing what kind of big problems they are loading on their mobile and steady devices. It is no problem to have connections, a global planned network with different ideas, if there would not be that much amount of bloat in all categories ... technical, social and economical. It is weird to have the common belief also in parts of the free community (not meant to anyone here in the thread only generic stated) that we overcome current problems (caused by bloated frameworks and software) with even MORE bloated frameworks and software. It is like fighting a big fire with causing an even bigger fire with some kind of hope both can neutralize each other. The reasoning would be quite more to reduce the amount. Yes, also with the costs of loosing some known convinience. Just because I am also forced and confronted with those bloated daily sites does not mean I'm okay with this course. It is just that: No other choice. But we can do different in more smaller rooms like this one here. And so we do! 
Human being in favor with clear principles and so also for freedom in soft- and hardware!
Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!