Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
bombolo
on Dec 20, 2022
|
parent
|
context
|
favorite
| on:
Boring Python: Code quality
It's more dangerous to let people pin dependencies and have vulnerable libraries in use forever.
burntsushi
on Dec 20, 2022
[–]
Who says the distros are
using
the lock file? AFAIK, Debian doesn't use ripgrep's lock file, for example. They don't have to, because of semver.
LtWorf
on Dec 20, 2022
|
parent
[–]
What's the point of the lockfile then?
burntsushi
on Dec 20, 2022
|
root
|
parent
[–]
For people that want to build with the exact set of dependency versions tested by upstream. Just because some distros don't use them doesn't mean there isn't any point.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: