A critique of package managers

(www.gingerbill.org)
109 points gingerBill | 3 comments
1. torginus No.45168097
This reads much more like a critique of traditional open-source development than package managers themselves.

The author asserts that most open-source projects don't hit the quality standards so that their libraries can be just included, and they'll do what they say.

I assert that this is because there's no serious product effort behind most libraries (as in no dedicated QA/test/release cycle), no large commercial products use it (or if they do, either they do it in a very limited fashion, or just fork it).

Hobbyists do QA as long as it interests them/fits their use case, but only the big vendors do bulletproof releases (which in the desktop realm seems to be only MS/Apple).

This might have to do with the domain the author chose - desktop development has unfortunately had the life sucked out of it with every dev either being a fullstack/cloud/ML/mobile dev; its mindshare and the resources going toward it have plummeted.

(I also have a sneaking suspicion the author might've encountered those bugs on desktop Linux, which, despite all the cheerleading (and policing negative opinions), is as much of a buggy mess as ever.)

In my experience, it's quite likely to run into a bug that nobody has written about on the internet ever.

replies(1): >>45168652 #
2. gingerBill No.45168652
This critique applies to even closed-source development that uses open-source code bases.

I have an article on my unstructured thoughts on the problems of OSS/FOSS which goes into more depth about this: https://www.gingerbill.org/article/2025/04/22/unstructured-t...

replies(1): >>45177023 #
3. acoustics No.45177023
This is why I'm so glad that I work in a closed monorepo now. There is no package management, only build tooling.

I find myself nodding along to many of the technical and organizational arguments. But I get lost in the licensing discussion.

If it is a cultural problem that people insist on giving things away for free (and receiving them for free), then viral licenses can be very helpful, not fundamentally pernicious.

Outside of the megaprojects, my mental model for GPL is similar to proprietary enterprise software with free individual licenses. The developer gets the benefits of open projects: eyeballs, contributors, adoption, reputational/professional benefits, doing a good deed (if that motivates them) while avoiding permissively giving everything away. The idea that it's problematic that you can't build a business model on their software is akin to the "forced charity" mindset—"why did you make something that I can't use for free?"

If you see a GPL'd bit of code that you really want to use in your business, email the developers with an offer of $X,000 for a perpetual commercial license and a $Y,000/yr support contract. Most are not so ideologically pure as to refuse. It's a win-win-win: your business gets the software, the developers don't feel exploited, noncommercial downstream users can enjoy the fruits of open software, and everybody's contributed to a healthier attitude on open source.