undefined | Better HN

0 points_w1tm2y ago0 comments

> At least in C/C++ it's much harder to get there.

Interesting take. Poor package management as a security feature.

As others have pointed out, instead of potentially poorly written third-party dependencies C/C++ will just have potentially poorly written homebrew replacements.

0 comments

1 comments · 1 top-level

palata2y ago

> Interesting take. Poor package management as a security feature.

How poor is it to install a package with your system package manager instead of the language package manager? I wouldn't call it poor.

The biggest difference I see is that language package managers are usually not curated (and that's a feature: "it's much faster than getting your package accepted in a distro").

My preference is to rely on curated package managers when I can. When I can't, then I am the maintainer, and therefore I need to handle the dependencies myself. You can call it "poor", but the fact that I maintain my dependencies is actually a security feature. When you depend on 600 third parties that you don't even know and that are not curated, it is a security problem.

j / k navigate · click thread line to collapse