Dear Programming Language dev teams,

If your language has a package manager,

it NEEDS to be as fully-featured and easy-to-use as apt.

No more "use the website to search for packages"
No more "it installs, but not upgrades or uninstalls"
No more "Ok, it installs, but it isn't necessarily fully functional"
No more "It installs, but you need arcane options for the upgrade to function."

MAKE IT AS EASY AS APT,
Or don't release a package manager.

</rant>, a.k.a. Fin.

Merci.

@RL_Dane Also stop letting every dipshit with an email address upload a package. You're safer piping curl to bash than installing from npm or pypi these days.

@timjclevenger @RL_Dane how else could that possibly work though? You have a committee that approves packages? There's lots of software I want to install that isn't in my distribution.

R. L. Dane :debian: :openbsd:

@immibis @timjclevenger

I'm guessing do it like native packages: require a package maintainer to answer emails and do tests and such.

@RL_Dane @timjclevenger if the developer nominates themselves as maintainer isn't it the same as what we have now?

@immibis @timjclevenger

I'm not super familiar with all the work a package maintainer has to do, but I suppose they'd be more responsible for it and for things like resolving conflicts.

But yeah, I don't quite know how you'd do QA on packages, except maybe to have some kind of election or rating system.

@RL_Dane @timjclevenger The package maintainer's role is to do whatever is needed to bridge the gap between the package and the packaging system. So in Debian they download the source code and write the scripts to make Deb files (I don't think they have to build them). In Gentoo they do something similar but the scripts are shipped to the end customer instead of running on a Debian build machine. Gentoo build scripts may be less opinionated than Debian build scripts.

There are usually also patches to fix bugs in the resulting system. E.g. Debian systems may have something in a different path than the package author looked for it.

If an author uploads their own package to pip they are taking on both author and maintainer roles.

@RL_Dane @timjclevenger Traditionally, dependency QA was done by not having many dependencies and evaluating how much you trust them. When you have 3000 dependencies you can't do that. Reducing the number of dependencies would go a long way towards reducing their surface area.

@immibis @timjclevenger

Yeah, this trend really worries me. It's like the approach to dependency management is just "lol wtf yolo"

@immibis @timjclevenger

Probably so. I've just become aware of it more recently as I've been compiling more of my own (niche) software.

Also, from hearing others bemoaning the dependency hell of node.js.

P.S., I've also been out of I.T. for 11 years, so that accounts for some of it as well ;)