Post AX9feolFbKWPQTdzMW by keithzg@fediverse.keithzg.ca
Post #AX9dDxBjxdjBps63zU by keithzg@fediverse.keithzg.ca
       2023-06-28T15:30:41.861306Z
       
       0 likes, 0 repeats
       
       I've said it before, I'll say it again: use distro package managers. Do not use language-specific package managers. FOR FUCK'S SAKE DO NOT USE NPM! https://blog.vlt.sh/blog/the-massive-hole-in-the-npm-ecosystem
       
Post #AX9dDy04wTzgLzeGS8 by feld@bikeshed.party
       2023-06-28T15:33:33.379919Z
       
       0 likes, 0 repeats
       
       Yeah, but this is literally *impossible* to do. We cannot put all these packages in distro package managers. Especially because we need every version of all of these packages, because so many libraries in these languages don't properly follow SEMVER, so we can't just say "oh, 1.0 of this nodejs-widget should be compatible with all these things" -- because it's not. They all need the specific versions of the packages that they were pinned to, or you're asking for a free vacation to the 9 circles of hell.
       
Post #AX9dnYplzG6wj8nhIW by feld@bikeshed.party
       2023-06-28T15:40:02.294158Z
       
       0 likes, 0 repeats
       
       There once was a plan to extend the FreeBSD pkg manager to directly integrate with Rubygems, PyPI, CPAN, NPM, etc., so it would just be automagic and there would be a single source of truth for everything -- pkg itself. I wasn't directly involved in that, so I'm not sure what happened. I still wish it had that capability, but you're just inheriting the security problems of those other tools.
       
Post #AX9feolFbKWPQTdzMW by keithzg@fediverse.keithzg.ca
       2023-06-28T15:59:39.770855Z
       
       0 likes, 0 repeats
       
       @feld Yeah, that doesn't solve the core problems, but it would nonetheless be nice if one only had to use a single interface for all package management! I'm not sure I'll ever forgive Red Hat for introducing PackageKit, a buggy extra layer of abstraction that's kinda pointless unless it's able to handle multiple different package and repo types, and then introducing Flatpak and refusing to add Flatpak support to PackageKit. Far from the worst thing Red Hat has done, mind you, but as someone who never got into any RPM-based distros it's the one that most directly affects me personally...
       
       (On that note, I find it a bit weird that over in the Arch-based world, Pamac acts as a simultaneous frontend for pacman and flatpak in its GUI form but *not* its CLI form. Admittedly I've rarely found a use for Flatpak packages outside of GUI apps, but still!)