
Fuck you, Debian - gh1
https://medium.com/broken-window/fuck-you-debian-ebe8cede37ed#.9d317qa1x
======
colanderman
How is it not obvious that Debian _must_ enforce such a rule? Otherwise they
open themselves up to issues like the Great NPM Unpublish Debacle of 2016.
Doing so would dilute and ultimately negate whatever value they provide as a
trusted package source (which, BTW, is _huge_ ). (While there are exceptions
(notably flashplugin-nonfree), I believe they are necessarily relegated to the
nonfree repository.)

Not to mention that a package which violates the "no-downloads" rule would
utterly break on any system without Internet access. (Yes, there are very
legitimate reasons, even in 2016, to run a system with access to a package
repository, but without Internet access.)

And the workaround is _trivial_ : just bundle the libraries you need with your
source.

But no, instead of making the effort to understand the notion of trust
inherent in a time-tested packaging system, and implement a simple workaround,
let's whine about it on the Internet and say "fuck" a lot.

What a non-story.

