Hacker Read

mixmastamyk · 2018-10-10 01:35:39+00:00

That would still be the case if the packages weren't 1-3 years out of date.

sebazzz | karma 3584 | avg karma 2.19 · | 2018-03-19 12:32:07

Yes, but they don't enforce it for new packages.

schmorptron | karma 864 | avg karma 1.84 · | 2021-07-16 10:37:14

We're about 2 years out from having that work with most packages though, aren't we?

axaxs | karma 7169 | avg karma 3.91 · | 2018-12-21 07:39:36+00:00

Which packages in particular? I've always found most things to be rather recent...

saagarjha | karma 56017 | avg karma 2.29 · | 2020-05-22 23:32:32+00:00

Not sure about five years ago, but these days it's usually not to bad for popular packages.

davidw | karma 63893 | avg karma 3.82 · | 2008-01-19 10:40:26

To get up to date packages?

bdcravens | karma 20814 | avg karma 2.3 · | 2014-12-09 21:18:03+00:00

Second, they screw up maybe 1 out of a 1000 packages in my experience.

I have years of data at my disposal. It's more like 2-5 packages out of 100. :-)

reply

stordoff | karma 4216 | avg karma 1.9 · | 2019-02-24 23:21:47+00:00

That says nothing about the distribution of the packages. That's pure speculation.

mrcode007 | karma 614 | avg karma 2.5 · | 2023-09-16 16:02:23

I know. Yet most folks take packages at face value as if it was a part of some standard library.

antihero | karma 7087 | avg karma 2.23 · | 2013-07-09 14:07:39+00:00

We've had the fixed versions of the packages for quite some time.

markdog12 | karma 4950 | avg karma 6.4 · | 2020-01-04 11:24:08

Tough call though, since # of packages is a poor metric.

joshuamorton | karma 7432 | avg karma 1.4 · | 2018-12-19 02:59:51+00:00

At least with most packages this can't happen anymore.

If a package owner distributes a wheel, you're good. Most packages do now.

reply

charcircuit | karma 2002 | avg karma 0.38 · | 2022-03-31 05:56:53

apt deciding it should yeet essential packages is not a new thing and has happened many times to many people.

mistrial9 | karma 4203 | avg karma 0.87 · | 2023-09-12 19:08:31

one hundred and sixty thousand signed packages with ten+ years of history and of course, one bad one means the system is "weak"

olgeni | karma 337 | avg karma 0.92 · | 2014-04-15 17:51:47

As long as you don't get stale packages plagued by unfixed bugs.

rowanG077 | karma 2770 | avg karma 0.92 · | 2022-11-18 12:17:21

I would never expect them to do that without vendoring the package. Which mitigates that risk.

XorNot | karma 14149 | avg karma 2.13 · | 2022-04-06 06:10:51

What sorts of packages are these though? I've not had a single problem with anything practical in years.

ex_amazon_sde | karma 1060 | avg karma 3.58 · | 2019-03-13 15:42:38+00:00

It's still working very well for Amazon, and the company evaluated alternatives and choose to stick with packages because they have the right granularity.

yjftsjthsd-h | karma 28510 | avg karma 2.78 · | 2020-09-26 02:37:54+00:00

Just in that there's a package already?

xorfish | karma 856 | avg karma 1.99 · | 2017-01-09 21:44:14+00:00

I don't see the connection. I didn't say that they have more packages, just that they have very good packaging tooling that makes it simple to make consistent packages.