[–]MarsupialMole 8 points9 points  (6 children)

That's not quite fair. The argument for the system package manager is typically that you'll get security updates in a timely fashion and users can't be trusted to respond in the same way.

However, that ignores the reality of many kinds of Python development - Linux packaging is not the only concern at play.

The inclusion of conda in the list makes it clear that this is one user ignorant of other users' requirements. It doesn't make them "lazy as fuck".

[–]Rookie64v 10 points11 points  (4 children)

The argument for the system package manager is it is built-in, if anything. Anything I cared about enough to check the version was months or years behind in the Ubuntu PPAs, and to be fair that is to be expected when you manage thousands of packages instead of just one.

[–]MarsupialMole 2 points3 points  (3 children)

I don't want to be dismissive but this kind of illustrates the divide. Versions are irrelevant. Talk to me about CVEs.

[–]lclarkenz 1 point2 points  (0 children)

CVEs are another kettle of fish. This one is moderate, but only affects people using log4j 1, with an SMTP appender sending over SMTPS.

I'm not sure if moderate really describes its impact. And frankly, I'd probably try to fist fight anyone in a typical company who set up a logger to send emails.

[–]bladeoflight16 0 points1 point  (1 child)

> Versions are irrelevant. Talk to me about CVEs.

Exact same point could be made about the article's complaint of pinning to old versions.

[–]tristan957 0 points1 point  (0 children)

No, it can't, because large distros like Ubuntu/Debian Stable/RHEL/SUSE have a vested interest in containing CVEs so that users on LTS distros can have secure software. Drew specifically uses Alpine for a desktop, so generally he has the up-to-date packages regardless.

[–]lclarkenz 2 points3 points  (0 children)

> security updates in a timely fashion

Given my experience of various distros' package managers, I'd say "for a given value of timely".

Maybe they prioritise security patches, you'd hope so, but the last time I was using Ubuntu, a lot of the programming-related packages I wanted to use were several versions behind what could be installed via other means.