Description
Packaging scientific software is a broad topic and naturally depends a lot on the languages in use. RSEs work with a wide range of languages, from Fortran, Julia and C++ to Python, and there is no single solution that would fix all issues with distributing and consuming these packages. But I would like to use this discussion session to learn and discuss with other RSEs how they manage distribution of their software inside and outside their organisations, and the best practices for maintaining reproducible and secure supply chains for our packaged software.
For our work in the Data Management & Scientific Computing centre at the European Spallation Source we use Python extensively (or C++ with Python bindings), which naturally leads us to packaging our software as wheels or conda packages and distributing them via PyPI or conda-forge. We also use pixi to create lock files while managing reproducible environments for our users. We have also had some people working with Julia, which we can package up as a conda package, but this shows the problems with building a coherent strategy in a multi-language ecosystem.
To give some structure to the discussion session, we can start with a couple of short lightning talks (~3-5 mins each) that sketch out a rough setup, and then we can discuss how best to manage these setups, including topics like:
- Internal mirrors and hosting, so as not to depend on external infrastructure.
- Tracking CVEs and third-party dependencies.
- Packaging up the whole software setup in a reproducible fashion.