[moksly]

I didn’t say in-house code was good, but it does keep you from being exploited by things like what recently happened with NPM.

Companies genuinely don’t care about the software they use, as long as it works and isn’t hacked. This is especially true in non-tech enterprise. At my former place they still had hundreds of ASP Webforms with custom in-house ASP libraries that were utter shit, but they worked.

What I’m postulating is that this is the alternative to the current status que.

I’d personally love for NPM to review their packages, or for a big player like Microsoft to step in and make a more limited platform with reviews, but I just don’t think anyone is going to be willing to pay for it.

[the_af]

> At my former place they still had hundreds of ASP Webforms with custom in-house ASP libraries that were utter shit, but they worked.

But the same is true of open source. I thought you wanted non-shit software.

In-house software is easily exploitable and full of security bugs as well.

[moksly]

I think I’m too senior to believe in non-shit software.

I work in non tech enterprise. You’d think that things like the ransomware scandals, GDPR, the increased risk-awareness would have improved the business processes or management awareness or all the things are “corporate digital maturity” but the pressure to get things done fast with minimal resources has frankly never been higher.

In that environment we’re always going to have shit-software. If anything I agree with you, which is why I said that I thought that the current status quo was the best ever.