Well, the modern package managers are really a monorepo with an exponential numbers of versions in production. No wonder it works for developers.
The "balkanized" downstream has been working quite well, unlike malicious packages on PyPI. The only major issue was the OpenSSL fiasco that was due to overpatching upstream. Overpatching indeed should stop but is not a…
I think many package managers take longer than a week to figure out. RPM is more difficult that deb, setuptools takes months to understand it fully and is changing constantly. Meson, Conan, winget+msi, and the hundreds…
Well, the modern package managers are really a monorepo with an exponential numbers of versions in production. No wonder it works for developers.
The "balkanized" downstream has been working quite well, unlike malicious packages on PyPI. The only major issue was the OpenSSL fiasco that was due to overpatching upstream. Overpatching indeed should stop but is not a…
I think many package managers take longer than a week to figure out. RPM is more difficult that deb, setuptools takes months to understand it fully and is changing constantly. Meson, Conan, winget+msi, and the hundreds…