Add support for reproducible builds

[clairernovotny]

Adds support for reproducible builds as required by the .NET Foundation project requirements: https://github.com/dotnet-foundation/projects#eligibility-criteria under the Code subsection.

[glennawatson]

Please open a issue discussing what this is and follow the PR template.

[glennawatson]

You havent discussed with any maintainers.

[clairernovotny]

I am a maintainer of RxUI, have been for years, thanks!

[glennawatson]

There's no bullet point in your list that indicates we have to take an additional dependency and risk on this package. Just that we have to use source link which we already do. If it's a matter of code deterministic then we'd prefer just to take those settings directly

[glennawatson]

You haven't been involved in the splat project for over 3 years. Nor any rxui project other than refit. No discussion just come bulling in with a PR then using dnf policy as a excuse that doesn't even have a hard requirement on this package

[clairernovotny]

The dependency is from the Foundation itself as the easiest "one click" way of getting things working. It can also be done in other ways too. There's no risk on that package, it's not third party, it's first party.

I never stopped being a maintainer, just stepped back to focus on other things. This is a small build-time enhancement that improves the security of the package; there's not much discussion required for this.

[dansiegel]

@clairernovotny a few things regarding this...

1. I recognize that this is a valuable improvement for developers consuming the library. To the best of my knowledge Prism and other libraries I write already follow these standards for that very reason. However, it is really inappropriate for the Foundation to impose and then expect member projects to follow such guidelines when the Foundation takes no active steps in discussing things with the maintainers of the member projects.

2. Regarding you being a maintainer. I am fully aware of your history with Rx and many other libraries in the .NET ecosystem. I am also aware of various reasons that you would have had to step back from an active role. That being said, being a maintainer is about more than having access to a repo or what you have done in years past. In your absence, others within the community like @glennawatson & @RLittlesII have stepped up as the projects active maintainers. I find your comments here to be highly disrespectful of both Glenn and Rodney for you to assume that you are entitled to do whatever you would like with a project when you do not operate as part of a team, and properly communicate with the active maintainers of the project. Neither your role within the .NET Foundation or your past work on the project entitles you to bypass the projects current maintainers.

3. Given that you are not an active maintainer of this project, in the future please show this and all other .NET Foundation member project maintainers the respect of following their guidelines in opening an issue when required. Alternatively please show the respect the maintainers deserve, and that you are a team player by having the proper dialog with the projects active maintainers first.

[anaisbetts]

Let's not #yolo merge things without discussion, even if they seem like good ideas. Splat is used by too many people to do stuff like that.

[RLittlesII]

I will point out that the discussion on this PR feels like a Code of Conduct violation.

We have a template for Issues and Pull Requests that link to "How to Contribute".

We ask that issues be opened, and a discussion started to foster a healthy community inside the ReactiveUI project.

When presented with that constructive feedback, the response was less than professional. There is no acceptance of the responsibility for the actions demonstrated. No care was given to what is best for other project maintainers, let alone the overall community. No apology to those affected by our mistakes.

[anaisbetts]

Wow great conversation! Let's lock it to contributors just for a laugh and not because someone on Twitter just unhelpfully sent 27.3k Looky-Loos over to drop their $0.02 on my repo

[anaisbetts]

(to be 100% clear, if you're a collaborator and want to write more, please do!)