• muusemuuse@sh.itjust.works
    14 hours ago

    Can’t they make dependencies something that gets checked at launch time? The executable says “I have the following external dependencies pulled in.” and then if a version is blacklisted, the executable should stop and throw an error saying exactly what component was blacklisted and stopped it from running.

    Why can’t we have executables declare their dependencies at launch time to the OS?

    • wildbus8979@sh.itjust.works
      8 hours ago

      That’s essentially how most distributions of Linux and Unix work. You package an app with a list of dependencies like “libcaca >= 1.2.3” and that’s that. If that dependency isn’t available in the distro you need to have that packaged (and thus have a maintainer for said package) first. The distro’s package maintainers are responsible for keeping an eye on the upstream sources and providing reviews. Often there’s also a security team that watches for packages requiring expedited attention, and security backports.

      Then this sort of crap like NPM came along and it became popular for devs to package their own dependencies.
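
The launch-time check asked about at the top of the thread, combined with the "libcaca >= 1.2.3" style of constraint from the reply, as an added example that is not code from either commenter or from any distribution. The function names, the blocklist format and the sample data (including `libexample`) are hypothetical, and versions are assumed to be purely numeric and dotted.

```python
import operator
import re

# Comparison operators accepted in a rule such as "libcaca >= 1.2.3".
OPS = {"<": operator.lt, "<=": operator.le, "==": operator.eq,
       ">=": operator.ge, ">": operator.gt}
CONSTRAINT = re.compile(r"^\s*([\w.+-]+)\s*(<=|>=|==|<|>)\s*(\d+(?:\.\d+)*)\s*$")

class BlockedDependency(RuntimeError):
    """Raised at launch when a declared dependency matches a blocklist rule."""

def parse_version(text):
    # "1.2.0" -> (1, 2); trailing zeros are dropped so 1.0 and 1.0.0 compare equal.
    parts = [int(part) for part in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_constraint(line):
    match = CONSTRAINT.match(line)
    if match is None:
        raise ValueError(f"unparseable constraint: {line!r}")
    name, op, version = match.groups()
    return name, OPS[op], parse_version(version)

def blocked_components(declared, blocklist):
    """Return (name, version, rule) for every declared dependency hit by a rule."""
    hits = []
    for rule in blocklist:
        name, op, limit = parse_constraint(rule)
        version = declared.get(name)
        if version is not None and op(parse_version(version), limit):
            hits.append((name, version, rule))
    return hits

def launch_gate(declared, blocklist):
    """Refuse to start, naming exactly which component caused the refusal."""
    hits = blocked_components(declared, blocklist)
    if hits:
        detail = "; ".join(f"{n} {v} matches '{r}'" for n, v, r in hits)
        raise BlockedDependency(f"refusing to start: {detail}")
    return True

# Constructed sample data: what the executable declares, and the blocklist.
DECLARED = {"libcaca": "1.2.3", "libexample": "0.9.1"}
BLOCKLIST = ["libexample < 1.0", "libcaca == 1.2.2"]
```

A gate like this only sees what the executable declares, so dependencies that are bundled or vendored without being listed pass through unchecked.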