Andrew Nesbitt and Alex Pounds
Welcome to The Manifest, a podcast all about package management. Your hosts are Alex Pounds and Andrew Nesbitt. Together they explore the technical details of package management, the stories and the history of various projects, and the communities around them too. Every two weeks there will be a brand new interview with a package manager maintai
Wherein Alex talks with Nils Adermann, the co-founder of Packagist and co-creator of Composer, about package management in PHP. Special Guest: Nils Adermann.
Wherein we discuss how package management works in Debian and the Reproducible Builds project with Chris Lamb, a director of both the Open Source Initiative and of Software in the Public Interest, previously the Debian Project Leader and a core developer on the Reproducible Builds project. Special Guest: Chris Lamb.
Wherein we discuss Conan, the C and C++ package manager with Diego Rodriguez-Losada as it reaches 1.0. We talk about what inspired the development of Conan, package management problems specific to C/C++ package management and the plans for the future. Note: This episode was recorded 9 months before it was published, so some details may be out of date. Special Guest: Diego Rodriguez-Losada.
Wherein we discuss Clojars, the clojure package manager registry and it's relationship to Maven with Daniel Compton. Special Guest: Daniel Compton.
Wherein we chat with Todd Gamblin about Spack, the package manager for supercomputers. We talk the unique challenges that packaging for High-performance computing platforms bring to package management, whether you should mine bitcoins on super computers and what's planned for the future of spack. Special Guest: Todd Gamblin.
Wherein we discuss open source licensing and how that relates to software packaging with Kate Stewart, of Linux Foundation and SPDX. Special Guest: Kate Stewart.
Wherein we discuss typosquatting and other security matters with Adam Baldwin, of Lift security and the Node Security Platform. We cover what kind of exploits people are trying, speculate about how blockchains may well be the answer, and unsuccessfully attempt to start a turf war between various package managers. Special Guest: Adam Baldwin.
Wherein we discuss Cargo (the Rust package manager) and Crates.io (the Rust package registry) with Carol (Nichols || Goulding). We talk about the Rust language, the history of the project, the features that make Cargo the envy of all the other package managers, and the sustainability of the project. Special Guest: Carol (Nichols || Goulding).
Wherein we chat with Trishank Karthik Kuppusamy about The Update Framework, a security layer that lets package managers assure the veracity and integrity of their packages. We talk about how it grew out of the TOR Project, how it works, how Uptane is used for package management in cars (!), and what package maintainers can do to help their own security. Special Guest: Trishank Karthik Kuppusamy.
Wherein we chat with Brian Fox about all things Maven. We hear the history of Maven Central, war stories, how Minecraft DDoSed the service, and discuss planning for the future of Maven and Java 9. Special Guest: Brian Fox.
Wherein we discuss Dart and Pub with Natalie Weizenbaum. We discuss how Dart and Pub are being used and developed within Google and a potential new algorithm for more user friendly dependency resolution error messages. Special Guest: Natalie Weizenbaum.
Wherein we discuss Go and Dep with Sam Boyer. We discuss how he led the improvements to package management for the Go ecosystem and went deep on satisfiability and how it relates to dependency resolution. Special Guest: Sam Boyer.
Wherein we discuss Rubygems and Bundler with André Arko. We discuss how he became the lead maintainer of Rubygems and Bundler, and what lead him to set up Ruby Together. Special Guest: André Arko.
Wherein we discuss CocoaPods, a package manager for macOS/iOS development, with lead maintainer Orta Therox. We discuss how he got started contributing to Cocoapods, the arrival of Swift Package Manager and Orta's latest project, Danger. Special Guest: Orta Therox.
Wherein we chat with Mike McQuaid, the lead maintainer of Homebrew. We discuss how he got started contributing to Homebrew, its differences from Macports, using GitHub as a database, patching upstream, and more. Special Guest: Mike McQuaid.