
295 points todsacerdoti | 2 comments
Levitating ◴[] No.45948952[source]
I am sure I am not the only one who thinks these micro-dependencies are worthless anyway. You'd be better off just listing the functions in a markdown file for people to copy over than ship an entire package for it.

This isn't "small" open source, "small" would be something you put together in a week or weekend. These are like "micro" projects, where more work goes into actually publishing and maintaining the repository than actually writing the library.

I like the approach C sometimes takes, with the "tiny header file" type of libraries. Though I guess that also stems from the lack of a central build system.

replies(4): >>45950899 #>>45950912 #>>45953455 #>>45955108 #
eviks ◴[] No.45950899[source]
What's your copy & paste solution to security updates?
replies(2): >>45952213 #>>45952228 #
1. 1718627440 ◴[] No.45952213[source]
The security maintenance of the ten lines of code I have read and copied into my code is the same as the ten lines of code next to it, that I have written myself.
replies(1): >>46003555 #
2. eviks ◴[] No.46003555[source]
It can't be the same. The package is public, so you get some benefit of other people reviewing and your tools notifying you of issues. Or do you really mean you ignore all that info?