[IMPORTANT] Remove package sources and host only the expected SHA-256 #2

New Issue

sgraves · 2025-10-19T13:44:33-05:00

sgraves commented

2025-10-19 13:44:33 -05:00

I've been self-hosting this project privately for around 5 years but fully understand there may be concerns with hosting so many 3rd-party package sources. I recently decided to push this repo for public consumption.

For v2.0.0, I plan to fully remove all sources/binaries. grab_packages.sh will be enhanced to validate against known hashes.

In the meantime, you can recursively remove all archives (.tar.gz, .zip, etc) and their corresponding .sha256 in support/3rd_party if you have any concerns.

grab_packages.sh will download missing items configured in src/scripts/libraries.sh. I'll be creating a script to automate this as well.

I've been self-hosting this project privately for around 5 years but fully understand there may be concerns with hosting so many 3rd-party package sources. I recently decided to push this repo for public consumption. For `v2.0.0`, I plan to fully remove all sources/binaries. `grab_packages.sh` will be enhanced to validate against known hashes. In the meantime, you can recursively remove all archives (`.tar.gz`, `.zip`, etc) and their corresponding `.sha256` in `support/3rd_party` if you have any concerns. `grab_packages.sh` will download missing items configured in `src/scripts/libraries.sh`. I'll be creating a script to automate this as well.

sgraves added this to the v2.0.0-release milestone 2025-10-19 13:45:23 -05:00

sgraves added the

enhancement

label 2025-10-19 13:46:19 -05:00

sgraves added a new dependency 2025-10-21 13:05:34 -05:00

BlockStorage/repertory#65 - [bug] Mount state is not being removed after unmount on Windows

Sign in to join this conversation.