home.social

#packagemanagers — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #packagemanagers, aggregated by home.social.

  1. "#Dependencycooldowns are a free, easy, and incredibly effective way to mitigate the large majority of open source #supplychain attacks. More individual projects should apply cooldowns (via tools like Dependabot and Renovate) to their dependencies, and packaging ecosystems should invest in first-class support for cooldowns directly in their #packagemanagers"

    blog.yossarian.net/2025/11/21/

  2. 🎁📦 Oh, look! Another riveting exposé on the perils of package managers overheating in the wild, wild west of software ecosystems. Let's pause to applaud the profound proposal of a global cooldown period—because who doesn't want their software updates to feel like waiting for their coffee to cool? ☕🔄
    nesbitt.io/2026/03/04/package- #packageManagers #softwareEcosystems #cooldownPeriod #techExposé #softwareUpdates #HackerNews #ngated

  3. 🫰 Open source package repositories face sustainability crisis

    「 So Maven and other open source repositories are considering introducing a tiered payment system. Lone developers and small groups will still be able to download the code for free, but the hogs will have to pay for every download. In other words, open source software is still free as in speech, but you can forget about being "free as in beer" going forward. 」

    theregister.com/2026/02/28/ope

    #opensource #packagemanagers #sustainability

  4. 🎉 In the riveting drama of package managers, #UV stunningly dethrones #Pip in the CI arena for #Wagtail users! 🏆 Meanwhile, the rest of the internet wonders if Wagtail is developing plans to conquer other obscure niches that nobody uses. 🙄🌱
    wagtail.org/blog/uv-overtakes- #PackageManagers #CIDrama #HackerNews #ngated

  5. You have to be shitting me. God I fucking hate npm.

    I literally spent an hour trying to diagnose why the builder was "freezing" for several minutes, and it's because it downloads thousands of packages for a project with... 20 dependencies.

    Fuck NPM. Fuck JavaScript.

    #Programming #JavaScript #Node #NodeJS #JS #ECMAScript #NPM #PackageManagers #SoftwareDevelopment #WebDevelopment #WebDev

  6. Oh joy, another ✨ revolutionary ✨ tool to make generating OS images more complicated than assembling IKEA furniture without instructions. It's like #systemd decided to throw a party and invited all the package managers just to remind us that #Linux enthusiasts can never have too many ways to reinvent the wheel. 🚴‍♂️💨
    mkosi.systemd.io/ #OSimages #packagemanagers #techhumor #HackerNews #ngated

  7. Also:

    Dear Devs,

    If you're making a package/module manager and it has a "sorry, we can't satisfy all dependencies" error then maybe think about adding a "please explain why" option and not just a "force" option?

    Regards,

    SysAdmins and Devs

    #Puppet #SysAdmin #PackageManagers

  8. Ah, removing tensorflow 'solves' the issue.

    Another another reason why `transformers` -- and Python packaging as a whole -- sucks.

    venv (virtual environments) are not a solution either: in multi-user environments with limited disk space, you can't afford like 4 copies of 1.5GB Tensorflow/PyTorch/etc installed.

    Why python packages like these are this massive in the first place is beyond me.

    Something has to change here.

    /rant

    #Python #sucks #PackageManagers

  9. The #CloudNative landscape is thriving, but a crucial aspect remains missing: a robust package management system.

    But the wait is over! #Glasskube has arrived! #opensource

    Explore its inaugural release (v0.0.1): bit.ly/43gn1UB

    #InfoQ #Kubernetes #Containers #PackageManagers #DevOps

  10. I could use some help about #PackageManagers for #windows

    I could use #KeePassXC and other stuff

    Should I install #Chocolatey ?

    I could use some help with that too

  11. Package managers as verbs.

    “Just #winget it.” Works well.
    “Just #scoop it.” Great.
    “Just chocoloco… chocalaca… choco lately?” I can’t even pronounce it.
    “Just apt-get it.” The apt part is a little harsh, but overall not bad.
    “Just #pacman it.” Meh.
    “Just #flatpak it.” Pretty good.
    “Just #homebrew it.” Maybe confusing, but sounds nice.
    “Just #adb it.” Nuh.

    #Linux #Windows #MacOS #Android #CLI #PackageManagers #aptget #chocolatey

  12. But as with anything, it's never easy and more of a people problem. The technology is there and widely employed by package managers such as dpkg, pacman, apk, etc...
    It just never was an issue, as you'd spend more time compiling anyway.

  13. Just caught up on the @packagingcon day 1 stream. Lots of great content.

    If you're interested in package managers or supply chain security at all, and you're not attending, you're missing out!

    #PackagingCon #PackagingCon2023 #PackageManager #PackageManagers #SupplyChainSecurity #OSS #OpenSource

  19. @briankrebs Interestingly they don't use #IFPS or #BitTorrent because the former's #Gateways - like #Tor2Web for #OnionServices - will literally deny-list known bad actors, and #BitTorrent isn't natively supported in shitty OSes susceptible to this crap due to lack of #PackageManagers - like #Windows and #macOS...

  22. @f00fc7c8 I know...

    Personally, I think good #PackageManagers that do #DependencyResolution like #apt and #yum / #dnf are essential to maintainable distros, even if I do violate that concept with #OS1337 for the sake of simplicity as #embedded #linux #distro.

  24. Hey #Canonical. Stop trying to make everything a #Snap. #Snaps suck. Nobody wants them and we've already moved to #Flatpaks and #AppImages. Stop forcing your agenda on us.

    #Linux #PackageManagers #Ubuntu

  25. Excited to work with @sammy and PG321 (not on Mastodon) on the #unicornpkg package remote spec! The current (unspecified) implementation is utter garbage.

    unicornpkg.madefor.cc

    #computercraft #packagemanagers

  27. @nicklockwood yes.

    #Linux in general doesn't as there are system-wide #PackageManagers to handle dependencies.

    Regardless if deb [apt], rpm [yum], python [pip], (node)JS [npm], and even if you want to just dump an app onto a machine there's #flatpak and #snap to help you along and for really lazy people there's .AppImage as self-contained executable or the old #tarball where you put all stuff into a folder.

    Tho people like @fuchsiii will point at #docker to make life easier.