undefined | Better HN

0 pointsderefr8y ago0 comments

> host that version in a location you control

I don’t see how this is implied or required by what the GP said. Lockfiles exist; docker-image and OS package hash-refs exist. Heck, nix exists. Getting what you expected to get is a solved problem, and does not require “host[ing] it yourself.”

Now, availability of your deployment might require hosting it yourself. (Though more often your availability figures will be far worse than those of Docker Hub or launchpad.net.)

0 comments

nucleardog8y ago

I mean, up until last year someone could permanently depublish entire packages from certain package managers without restriction. No amount of hash-refs are going to ensure you have the right package if it just doesn't exist anymore.

I think availability is exactly what dozzie was getting at by specifying 'production'.

You want your production systems to be robust, not reliable at the whims of half a dozen different ecosystems all with different policies, procedures, humans, support agreements, etc. (This is without even touching on infrastructure availability.)

j / k navigate · click thread line to collapse

0 comments

nucleardog8y ago

I think availability is exactly what dozzie was getting at by specifying 'production'.

j / k navigate · click thread line to collapse