wtf techcrunch https://mastodon.social/media/pcpIWTnFuk5Ghv9hUhU
dependency management problems are a thing irrespective of the license of those dependencies. nobody anywhere is writing assembly code entirely on their own, even then you depend on a compiler. every software project has dependencies. it's a problem solved by version pinning. i can't believe a tech writer wrote this?
@clacke @feld @Gargron Exactly. What we need, and really don't quite have yet (in general) is a way for a person or organization to subscribe to the changelogs of the dependency-tree-assuming-you-were-to-update.
I keep thinking about building this, and what it would require. And first, uh... it would require people to keep changelogs. 😭
@skellat @clacke @feld @Gargron meh. Point taken, but you're going to have that problem no matter what, and there are relatively simple solutions to it. Mirroring the parts of the npm registry you depend on, for example.
npm also changed its policies after that so an incident like that can't happen in the future.
@clacke lmaoooo I have no idea
Maybe a semver-major change landed in git master and it's expected...? Dunno ¯\_(ツ)_/¯