by zaphar
4751 days ago
"the idea that every software component should live as an isolated stack that duplicates its entire set of dependencies is misguided" That's not what he said. He said that packagers frequently break his software for users by incorrectly breaking it up into the wrong pieces and then including a version of that piece that doesn't work. It's especially bad in the case of Erlang applications, as he enumerates, and it's caused by packagers not taking the time to understand the consequences of where they split the software into packages, all in the name of having only one version of lib-erl-foo installed on your system.
If the developer did, then they need to reconsider how difficult they're making the lives of their customers by forcing the potential for additional vulnerability exposures on the system.
There's a non-zero cost involved in packaging.