←back to thread

A critique of package managers

(www.gingerbill.org)
109 points gingerBill | 2 comments | 08 Sep 25 12:18 UTC | HN request time: 0.478s | source
1. alphazard ◴[08 Sep 25 13:46 UTC] No.45168214[source]
There's a fair bit of semantic quibbling here.

Regardless of how they define these terms, producing a list of hashes which function as a commitment to specific versions of dependencies is a technique essential to modern software development. Whatever the tools are called, and whatever they do, they need to spit out a list of hashes that can be checked into version control.

You could just use git submodules, but in practice there are better user experiences provided by language package managers (`go mod` works great).

A good amount of this ranting can probably be attributed to projects and communities that aren't even playing the list of hashes game. They are resolving or upgrading dependencies in CI or at runtime or something crazy like that.

replies(1): >>45168480 #
2. gingerBill ◴[08 Sep 25 14:08 UTC] No.45168480[source]
The semantic quibbling is just to explain what a package manager isn't.

Also, use git subtrees, not git submodules. What people think submodules are, are actually subtrees and most people don't know about them.

As for "good" package managers, they are still bad because of what I said in the article.