Comment by koyote

16 hours ago

I wonder if this is going to push more software to stacks like .Net where you can do most things with zero third-party dependencies.

Or, conversely, encourage programming languages to increase the number of features in their standard libraries.

2 comments

koyote

Reply
saghm  15 hours ago

A few months ago I tried to build a .NET package on Linux, and the certificate revocation checks for the dependencies didn't complete even after several minutes. Eventually I found out about the option `NUGET_CERTIFICATE_REVOCATION_MODE=offline`, which managed to cause the build to complete in a sane amount of time.

It's hard for me to take seriously any suggestion that .NET is a model for how ecosystems should approach dependency management based on that, but I guess having an abysmal experience when there are dependencies is one way to avoid risks. (I would imagine it's probably not this bad on Windows, or else nobody would use it, but at least personally I have no interest in developing on a stack that I can't expect to work reliably out of the box Linux)