A critique of package managers

Posted by gingerBill 6 days ago

A critique of package managers(www.gingerbill.org)

117 points | 216 commentspage 4

gregors 6 days ago|

I remember when a project failed on Kickstarter due to golang dependency hell in particular.

https://news.ycombinator.com/item?id=5796597

MangoToupe 6 days ago||

There are three points of prioritization here: you can use other peoples' code, manually vet all the code you're running, or accept that you need to trust a social network to vet stuff for you. Pick two. This is not a solvable problem.

EDIT: I've been rate limited, so the point is: unless you're Terry Davis, you're not going to be able to write software of any real complexity. Few people are going to even bother to vet the standard library, let alone the compiler, the runtime, etc etc.

gnatmud8 5 days ago||

if only people knew how easy it is to implement the standard library and make it way simpler than what is usually provided, everyone would be writing their own standard libraries; you can implement one with string manipulation, files, memory management, threading, and basic timing, in less than 1000loc of c code, as i have done before, and the biggest parts by far were console printing and filesystem stuff, and it's mostly because of windows utf-16 conversion nonsense

gingerBill 6 days ago||

Use the first two, and not rely on the third at all. That's what the article is saying.

marcelr 6 days ago||

i had this idea for vendor based “package manager”

what if packages were meant to be read, and config was set inside the file directly

what if we transitioned to think of packages as templates, rather than generic black boxes

i think it would drastically reduce dependencies, package complexity, and improve understanding

lou1306 6 days ago|

You can do this in Python, today. Whenever you need a package, just add its code in a directory under your project's root. And good luck.

dismalaf 6 days ago||

Honestly, he's not wrong. I use Ruby and 99% of the gems on rubygems.org are absolute trash. I use Rails and stuff like Nokogiri or Faraday, also RubyLLM, but little else because of reasons.

NPM is even worse, you import one thing and get 1000s of trash libraries so nowadays the only JS I write is vanilla and I import ES Modules manually.

Also, Odin doesn't make adding dependencies that difficult, you can literally just throw an Odin library into your project as a folder and it's available. The Odin compiler does everything else for you.

mouse_ 6 days ago|

is sdl2 really that bad?

krapp 6 days ago|

It's impossible to know what issues they have, since they don't specify.

But no, for the vast majority of people, SDL2 is perfectly fine, although SDL3 is a vast improvement. It's as stable and battle-tested as a cross platform multimedia library is bound to get. Opening a window and polling input is trivial.

Then again I've never even heard of the language they're using (Odin) so maybe that doesn't play well with a C library.

gingerBill 3 days ago||

The bugs have nothing to do with the language and exist in C too.

I'll just link to some of the bugs directly that posted as issues to SDL:

https://github.com/libsdl-org/SDL/issues/4789 (not fixed) https://github.com/libsdl-org/SDL/issues/4816 (closed) https://github.com/libsdl-org/SDL/issues/4790 (closed)

And these being the bugs we found ourselves, not other bugs that have already been found, and many marked "as not planned" since SDL2 is now finished.