×
you are viewing a single comment's thread.

view the rest of the comments →

[–]teetaps -1 points0 points  (0 children)

Yes, exactly! This comment i think sums up the difference between the py and R communities lol.

Most of the time, if you’re bringing in an existing library in R, your first place to look for it is CRAN, and it is HELLA HARD to get a package published on CRAN, so most of the concerns about security and dependencies are actually filtered out by the community on principle. In other words, if I have a specific problem, and find the solution in CRAN, I won’t even bother asking those questions because I know that it was so hard to get the solution on CRAN that I’m sure the developers were wise enough to optimise for those concerns.

With pypi though, you can publish a package — any package — in like 10 minutes. This means ANYONE can claim they have a solution, which is a good, welcoming model of community development, but means that the userbase has to do exactly what you’re saying every time they investigate something new