upvote

points

by c7b5 hours ago |
comments
upvoteby rounce2 hours ago|
next
[-]
> Go at least has a more capable standard library than Rust.

Many Golang projects I see in the wild will import a number of dependencies with significant feature overlap with sections of the standard library, or even be intended as a replacement for them. So it seems that having an expansive stdlib isn’t sufficient to avoid deep dependency trees, it probably helps to some degree but it’s definitely not a panacea.

reply
upvoteby Measter10 minutes ago|
parent|
[-]
That's not really that surprising when you think about it. Standard library-provided things are implemented on a basis of working OK for as many scenarios as possible, not on one of being the best possible implementation for every possible scenario.
reply
upvoteby uecker3 hours ago|
prev|
next
[-]
The solution exists, and those are curated package repositories as we have in Linux distributions. In C I can simply install a -dev package and use some library which sees some quality control and security updates from the distribution.

The problem is that the UNIX shell model got very successful and is now also used on other platforms with poor package management, so all the language-level packaging system were created instead. But those did not learn from the lessons of Linux distributions. Cargo is particularly bad.

reply
upvoteby well_ackshually5 hours ago|
prev|
next
[-]
>C/C++ are doing fine without package managers.

They're not either, every one of these projects contains a gigantic vendor/ folder full of unmaintained libraries, modified so much that keeping up with the latest changes is impossible so they're stuck with whatever version they copied back in 2009.

reply
upvoteby jkercher48 minutes ago|
parent|
[-]
You make that sound worse than it is. On the overall topic, you have 0 supply chain risk, and the whole thing is local. Also, your code from 2009 is still valid. That would be a foreign concept in some languages like Python.
reply
upvoteby baq33 minutes ago|
parent|
[-]
you have your supply chain risk still, it's just frozen as of 2009 and whatever you vendored back then is as of today swiss cheese; also you'd better have the compiler suite vendored, too (as you should with this strategy).

there's nothing stopping you from using python from 2009 except why would you want to do that to yourself - but the same strategy applies. the reference python implementation is written in C, after all.

reply
upvoteby pjmlp4 hours ago|
prev|
[-]
In C and C++'s case, the batteries included is POSIX + Khronos.
reply