| There' has been always a split between software that is expected to be run for 10 or 20 years and software that will be obsoleted in 2 years. https://www.cip-project.org/ aims to backport fixes to released kernel for 25 (twenty-five) years. Because you don't "npm update" deployed systems on: banks, power plants, airplanes and airports, trains, industrial automation, phone stations, satellites. Not to mention military stuff. (And Debian is much more popular in those places that people believe) > Devs want to distribute their software to users, and they aren't going to chase down rabbit holes to get it packaged to comply with every different distributions set of available dependency versions. That's what stable ABIs are for. > Really this idea that a distro (even a large well maintained one like Debian) has the resources to package a set of known versions of go/node packages for common open source software seems wrong? Yes, incredibly so. Picking after lazy developers to unbundle a library can require hours. Backporting security fixes for hundreds of thousands libraries including multiple versions is practically impossible. > And no dev is going to downgrade some random dependency of their app just to comply with with Debian's set of available versions. Important systems will keep running in the next decades. Without the work from such developers. |