undefined | Better HN

0 pointscriddell10y ago0 comments

> Now each tiny library update (think OpenSSL security fixes) will pull hundreds of "snaps"

Do you think that's worse than the alternative where each tiny (shared) library update potentially breaks hundreds of programs?

0 comments

4 comments · 3 top-level

creshal10y ago· 1 in thread

ABI breaks from security patches for stable releases, especially of Linux distributions, happen how often?

In comparison, outdated npm/gem/pip/hipster-package-manager-of-the-week or docker installations happen how often?

With the former, the burden of updating and testing lies with a small handful of distribution maintainers. With the latter, every single developer has to worry about deployment and maintenance.

cat-dev-null10y ago

Distros shouldn't waste time and effort on supporting and packaging language-specific, high-churn code packages except in very limited circumstances. Let the language specific-tools do those. Upstream is best, local fragmentation is wasteful.

jandrese10y ago

While that potential was always there (and people were paranoid about it), in real life it was extremely rare. ABIs don't tend to change much between minor versions on sane libraries. I can't remember it ever happening to me.

cat-dev-null10y ago

False dichotomy fallacy. Linux distributions need to engineer for side-by-side installation of multiple versions and not get tied up to those common locations. nix is just one example as an interesting idea, while Homebrew and stow are better ideas.

j / k navigate · click thread line to collapse