qpm, a package manager for Qt / QML (cutehacks.com)
41 points by bpierre on Oct 7, 2015 | 10 comments


> qpm is a command line tool for installing and managing dependencies for your application. It is based around Qt's .pri file support so everything gets compiled into your application binary. No libraries, no plugins, no qt.conf, no deploying QML/JS files. Everything gets rolled into your app for easy deployment. The tool itself follows the same principle. It's a single static binary executable with no dependencies, no config files, and no environment variables.

This sounds great. I know the file will actually be larger but I still think that we have the tendency to think everything should be smaller.

In Linux I think we need to deploy applications not sharing libraries past the basic frameworks (I don't know where the line should be drawn). Everything in a folder would make Linux just Linux and it would just work. Uninstalling an application would be deleting a folder.

This is a platform dependent on Linux, OS X, and Windows with everything included in a single binary.


When I upgrade OpenSSL, I want to upgrade one package and have everything get the benefit. I do not want anything I think is secure to be insecure because its encryption code wasn't actually upgraded.

That goes for other packages, too.


Sure, I agree, as does your parent. For code like that, it should be dynamically linked. The rest though? I'm happy for it to be distributed with the app itself.


Well, how do containers work?


They don't -- at least they don't really do anything substantially different. Depending on the container implementation, they either work by using the system libraries, which have all the downsides of shared libraries, or they bundle their own, which has all the downsides of shipping a potentially old or insecure version that won't see updates.


This seems like something the qt.io guys should be taking up.


Exactly, I've been thinking for a while that the lack of a package manager is really holding back qml adoption.


I recently spent some time with npm. Holy fuck, that is a gorgeous piece of shit.

It's gorgeous because it does exactly what it's supposed to do, exceptionally well.

It's a piece of shit because every little thing you use has 3 billion dependencies which you have to validate and verify in some manner.


> It's a piece of shit because every little thing you use has 3 billion dependencies which you have to validate and verify in some manner.

If you mean to prevent breakage, shrinkwrap lets you lock down dependency versions: https://docs.npmjs.com/cli/shrinkwrap

If you mean something else (security?) then I'd probably just not use npm, because as you said your dependency tree is going to be deep and reviewing all of that code is impossible.
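
An added example (not from the thread and not npm's own code) for the shrinkwrap comment above: it walks a shrinkwrap document to report how many packages the lock covers, how deep the tree goes, and which entries are locked by version only. It assumes the nested `dependencies` layout with `version` and `integrity` fields; `auditShrinkwrap`, the sample document and its package names are constructed for illustration.

```javascript
// Added example: summarize a shrinkwrap tree. Assumes the nested
// "dependencies" layout; SAMPLE and its package names are constructed.
const SAMPLE = {
  name: "demo-app",
  version: "1.0.0",
  dependencies: {
    "left-util": {
      version: "1.2.0",
      resolved: "https://registry.example.invalid/left-util-1.2.0.tgz",
      integrity: "sha512-CONSTRUCTED",
      dependencies: {
        "tiny-dep": { version: "0.3.1", integrity: "sha512-CONSTRUCTED" }
      }
    },
    "tiny-dep": { version: "0.4.0" },
    "forked-lib": { version: "git+https://example.invalid/forked-lib.git#0123abc" }
  }
};

function auditShrinkwrap(doc) {
  const report = { total: 0, maxDepth: 0, findings: [] };
  const versions = new Map(); // package name -> set of locked versions
  const exact = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
  const walk = (deps, path) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const here = path.concat(name);
      const version = String(entry.version || "");
      report.total += 1;
      report.maxDepth = Math.max(report.maxDepth, here.length);
      if (!versions.has(name)) versions.set(name, new Set());
      versions.get(name).add(version);
      // Without an integrity hash the lock records a version, not the contents.
      let issue = null;
      if (!exact.test(version)) issue = "non-registry source";
      else if (!entry.integrity) issue = "no integrity hash";
      if (issue) report.findings.push({ path: here.join(" > "), issue });
      walk(entry.dependencies, here);
    }
  };
  walk(doc.dependencies, []);
  // Same package locked at several versions means several copies to review.
  report.duplicates = [...versions.keys()].filter((n) => versions.get(n).size > 1).sort();
  return report;
}

console.log(JSON.stringify(auditShrinkwrap(SAMPLE), null, 2));
```
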


I think that's a consequence of its success. Every little library that anyone thought of building is up there.



