1 |
On Mon, 2020-04-20 at 16:04 -0500, William Hubbs wrote: |
2 |
> Your proposal seems to completely go against how the go ecosystem operates, |
3 |
> but if you can come up with a proof-of-concept for how it would work |
4 |
> without forcing a lot of busy work on us that would never get accepted |
5 |
> upstream, I'll take a look. |
6 |
> |
7 |
|
8 |
Define 'busy work'. |
9 |
|
10 |
Is doing things right 'busy work' vs taking shortcuts? Is it 'busy |
11 |
work' that I'm putting a lot of effort into fixing Python packages? |
12 |
Should I just last rite them all and tell people to use virtualenv? |
13 |
|
14 |
Is testing packages 'busy work'? I suppose it's all easier when you |
15 |
just silently include 240 dependencies without testing a single one of |
16 |
them and call it a day. Sure, you run some tests on the final package. |
17 |
Leaves 240 untested, some of them likely failing tests and requiring |
18 |
'busy work' to fix them. |
19 |
|
20 |
Is security support 'busy work'? I suppose it's all easier when you |
21 |
ignore them problem and let security team deal with it (except they |
22 |
won't). Sure, you can assume that when vulnerability is discovered, all |
23 |
upstreams will eventually learn of it, update their bundled dependencies |
24 |
and *maybe* inform people that their code might have been indirectly |
25 |
vulnerable (but would they do the 'busy work' of discovering whether it |
26 |
affected them or not?). |
27 |
|
28 |
I realize Go is not isolated here. It's just brought as one major |
29 |
example. Rust is no better. All these shiny 'write and forget' |
30 |
languages share the same problem. Pay for some work hours, get |
31 |
a working product, deploy it and forget unless customers want more |
32 |
features. |
33 |
|
34 |
Today these languages are still young and the problems can be considered |
35 |
largely theoretical. But some day -- well, unless all the cool kids |
36 |
manage to move on to next shiny new language before then -- this will be |
37 |
a major catastrophe. |
38 |
|
39 |
-- |
40 |
Best regards, |
41 |
Michał Górny |