by lolinder
443 days ago
> Painless package management is a good thing. Central package repositories without any checking isn't.

There's a reason why these things come hand in hand, though. If the package management is so painless that everyone is creating packages, then who is going to pay for the thoroughly checked central repository? And if you can't fund a central repository, how do you get package management to be painless? The balance that most language ecosystems seem to land on is painless package management by way of free-for-all.

You could host your own package server with your own packages, and have the painless package manager retrieve these painlessly.
Of course we're in this situation because people want to see the painlessness with what other people built. But other people includes malicious actors every once in a while.