Chicken Nuget
HieronymusBosch
12 points
5 comments
March 13, 2026
Related Discussions
Found 5 related stories in 883.6ms across 14,015 title embeddings via pgvector HNSW
- Show HN: Nub – A Bun-like all-in-one toolkit for Node.js colinmcd · 223 pts · June 24, 2026 · 55% similar
- Show HN: Nibble glouwbug · 27 pts · May 14, 2026 · 47% similar
- GNUtrition 0.33.0rc5 amcclure · 30 pts · June 02, 2026 · 47% similar
- GNUtrition 0.33.0rc3 amcclure · 14 pts · May 29, 2026 · 43% similar
- Show HN: Nutrepedia – Nutrition info in 29 locales built with Clojure and Htmx llovan · 120 pts · June 03, 2026 · 42% similar
Discussion Highlights (5 comments)
ubertaco
>Also, that would imply a never-ending wack-a-mole game for me since people obviously keep doing this. I think I have better things to do in my life. Uh-huh, and what makes that any different if someone else is doing it? This feels like someone who discovered package managers for the first time.
lq9AJ8yrfs
It seems hard to donate a trademark application to someone. Trademarks seem like a sore spot for successful OSS but probably useful for solving this problem. Or perhaps a license change? Might be tricky to do what the author means and still meet the definition of /open/. Maybe that's ok?
merb
Wouldn’t it be possible to automate creating these packages ? I know that it is not the thing that the curl creator needs to do. But if he does not do it, I’m not sure who will. Also I’m not even sure who will use curl via nuget?! I also think that nuget should be namespaced… Also as long as you don’t use it to curl random things the security impact is not that high and I doubt that there a tons of uses for that.. you probably won’t attack yourself?
st3fan
Daiel is too nice and should should just file DMCA reports instead. That is likely a language that Microsoft speaks.
its-summertime
Maybe a max-age field for the package manifest? For things like programs that are expected to be finished, this can be infinity, but for things that are expected to move with a complex ecosysten, could set it to 6 months? Past that point, a prompt is shown to confirm the user wants to install a likely-depreciated package? That way people won't be accidentally exposed to issues from downstream package maintainers being rendered unable to maintain their packages