A critique of package managers

(www.gingerbill.org)

109 points gingerBill | 1 comments | 08 Sep 25 12:18 UTC | HN request time: 0.263s | source

Show context

smw ◴[08 Sep 25 13:16 UTC] No.45167873[source]▶

"When using Go for example, you don’t need any third-party libraries to make a web server, Go has it all there and you are done."

Fine, now what if you need to connect to a database, or parse a PDF, or talk to a grpc backend. What a hilariously short-sighted example.

To me, this whole article just screams inexperience.

replies(5): >>45167966 #>>45167975 #>>45168076 #>>45168151 #>>45174508 #

1GZ0 ◴[08 Sep 25 13:25 UTC] No.45167975[source]▶

>>45167873 #

The Author isn't arguing for not using third party dependencies. He's arguing for developers to be more conscious of the dependencies they use, by manually vetting and handling them. That screams "I've been down the package manager route and paid the price". Not inexperience.

replies(3): >>45168004 #>>45168082 #>>45189859 #

1. ozim ◴[09 Sep 25 21:59 UTC] No.45189859[source]▶

>>45167975 #

I disagree with this take. There should be just more governance on the registry side of things.

For NuGet or Maven I think dependency hell is not something you run into and I don’t have package manager manager for those languages.

There should be enough trust just like I can do sudo apt install.

His take screams „I want to push my niche approach and promote my language from my Ivory Tower of language creator”. He still might not have any relevant experience building businesses line software just like O don’t have experience with building compilers or languages.

↑