
So you want to write a package manager (2016) - lelf
https://medium.com/@sdboyer/so-you-want-to-write-a-package-manager-4ae9c17d9527
======
dang
Discussed at the time:
[https://news.ycombinator.com/item?id=11088125](https://news.ycombinator.com/item?id=11088125)

------
throwaway5752
The article may say that an SPM is "not why we are here today" but writing any
package manager is 1) phenomenally difficult and 2) has incredible risk to
system integrity and security. You could do worse that starting out with
reading and understanding RPM ([https://github.com/rpm-software-
management/rpm](https://github.com/rpm-software-management/rpm)) or dpkg
([https://git.dpkg.org/cgit/dpkg/dpkg.git](https://git.dpkg.org/cgit/dpkg/dpkg.git)).

------
pg_bot
I wonder if language designers will take package management into more
consideration in the future. For example, what if every library's version was
included in the module name during compilation. So you automatically go from
MyLibrary.my_function() to MyLibrary::V1.0.0.my_function() after compiling the
code. This way you could easily run different versions of the same library in
dependencies without dealing with the headaches that normally causes. The only
additional restriction I would add is that you have to use an exact version of
a library instead of giving the package manager discretion.

Has anyone tried to implement something like that in a language?

~~~
goto11
I believe .net works like that, more or less, although the libraries
("assemblies") are not statically linked. Assemblies declares a dependencies
on a particular version of an assembly. It is possible to override this in a
configuration file, so you "redirect" to a newer version.

~~~
Ididntdothis
There is a lot there but it’s pretty hard to maintain. Visual Studio has a
tendency to sometimes upgrade references automatically. I have seen it now
several times that a project has been set up with the correct references, then
somebody else opens the project, saves, and now everything is changed. Makes
me sometimes get nostalgic about make files. It took a while to build them up
manually but then they were stable. With Visual Studio there is too much
“intelligence” and wizardry going on behind the scenes.

------
Squithrilve
Counterpoint:
[https://michael.stapelberg.ch/posts/2019-08-17-introducing-d...](https://michael.stapelberg.ch/posts/2019-08-17-introducing-
distri/)

~~~
sagichmal
That... is not a counterpoint?

------
eeZah7Ux
In summary: use system package managers and not language package managers.
Rely on a stable and trusted distribution.

------
jakeogh
[http://michael.orlitzky.com/articles/motherfuckers_need_pack...](http://michael.orlitzky.com/articles/motherfuckers_need_package_management.xhtml)

