Prerequisites
Criteria
Name
fennel
Description
"A Lisp programming language that compiles to Lua. It brings together the speed, simplicity, and reach of Lua with the flexibility of a Lisp syntax and macro system."
Homepage
https://fennel-lang.org
Download Link(s)
https://git.sr.ht/~technomancy/fennel/archive/1.6.1.tar.gz
Some Indication of Popularity/Repute
Over 2,600 stars on the official GitHub mirror (https://github.com/bakpakin/Fennel). Furthermore, it has widespread adoption as a configuration and scripting language in established Lua-centric ecosystems. It is heavily utilized in the Neovim community for dotfile configuration and plugin development (e.g., via tools like aniseed and hotpot), is a first-class built-in language in the TIC-80 fantasy console, and is highly popular within the LÖVE (Love2D) game development community. It is also quite well known in the general lisp community (who doesn't like lisp?)
Regarding the unchecked "Fairly standard install" box:
Fennel does not distribute pre-built Windows binaries. Well, currently they do, but the main Maintainer has since made the decision to no longer host the binaries for security purposes. With strong confliction toward maintaining windows binaries(understandable) IF he did happen to keep the binaries. Following upstream security incidents, the maintainer explicitly deprecated binary releases in favor of package managers and source builds.
To respect upstream's security posture, the proposed manifest will simply use a pre_install hook to natively emulate the Unix Makefile, by compiling with lua, and will additionally perform GPG tag verification against the maintainer's pinned public key. This really should not be an issue with the scoop maintainers, as this is SLSA Build L2 downstream verification, and generally the recommended approach now for fennel source builds. I will worry about maintaining it.
I have a tested manifest ready for this and will provide the architectural and security decisions in the PR . Additionally, although I have upwards of 8 Architectural Decision Records (ADR's) for this manifest file, I am simply hosting 4 of them for now, as they get priority. I am still refining the others. They can be found here.
Prerequisites
Criteria
Name
fennel
Description
"A Lisp programming language that compiles to Lua. It brings together the speed, simplicity, and reach of Lua with the flexibility of a Lisp syntax and macro system."
Homepage
https://fennel-lang.org
Download Link(s)
https://git.sr.ht/~technomancy/fennel/archive/1.6.1.tar.gz
Some Indication of Popularity/Repute
Over 2,600 stars on the official GitHub mirror (https://github.com/bakpakin/Fennel). Furthermore, it has widespread adoption as a configuration and scripting language in established Lua-centric ecosystems. It is heavily utilized in the Neovim community for dotfile configuration and plugin development (e.g., via tools like aniseed and hotpot), is a first-class built-in language in the TIC-80 fantasy console, and is highly popular within the LÖVE (Love2D) game development community. It is also quite well known in the general lisp community
(who doesn't like lisp?)Regarding the unchecked "Fairly standard install" box:
Fennel does not distribute pre-built Windows binaries. Well, currently they do, but the main Maintainer has since made the decision to no longer host the binaries for security purposes. With strong confliction toward maintaining windows binaries(understandable) IF he did happen to keep the binaries. Following upstream security incidents, the maintainer explicitly deprecated binary releases in favor of package managers and source builds.
To respect upstream's security posture, the proposed manifest will simply use a
pre_installhook to natively emulate the Unix Makefile, by compiling with lua, and will additionally perform GPG tag verification against the maintainer's pinned public key. This really should not be an issue with the scoop maintainers, as this is SLSA Build L2 downstream verification, and generally the recommended approach now for fennel source builds. I will worry about maintaining it.I have a tested manifest ready for this and will provide the architectural and security decisions in the PR . Additionally, although I have upwards of 8 Architectural Decision Records (ADR's) for this manifest file, I am simply hosting 4 of them for now, as they get priority. I am still refining the others. They can be found here.