- Operating systems
- Programming languages
- Objective-C
Dependency/package managers are often second-class citizens
What are the standard problems?
- No dependency manager tooling
- No defined package format
- No transitive dependencies support
- No sticky versions
- No build/configuration tool integration
- No central artifact repository
- Broken system state
- Version conflicts
- Flaky versions
- Not every OS has/started with an official package manager
- Package/dependency managers are not created by language/OS designers
- Vendors do not really care about automation/dependencies
- Shared library hosting is often done by a third party
Who knows what YUM stands for?
Yellow Dog Updater, Modified
What have you been smoking?
APT = Advanced Packaging Tool
APK = Alpine Package Keeper
Programming language ecosystems
- Bower (dead?)
Did you ever make this typo?
npm i -someFlag somePackage
npm i - someFlag somePackage
Configuration management tools
Vulnerabilities all over the place
Have you heard of Solarwinds?
- When entering (Dev)Ops, be prepared to fight!
- You are forced to live in a dependency HELL!
- ... and a security nightmare!
- People make money on managing your dependencies! Yes, they do!
- The situation will not change any time soon!
- Test (on different environments and with freshly fetched dependencies)
- Release (packages with consistent dependency versions; no wildcards, for God's sake!)
- Isolate (project and system package trees; containers can help)
- Cache (dependencies locally and in organization's artifact repositories)
- Keep (dependency lists in version control)
- Stick (to known versions and sign packages)
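In practice the "Release" and "Stick" points above mean catching floating version specifiers before a build ships. The checker below is an added example (not from the slides) that flags non-exact specifiers in a constructed npm package.json and pip requirements.txt; sample package names and versions are made up for illustration. A manifest check like this only covers direct dependencies; transitive ones are pinned by the lockfile, which it does not inspect.

```python
import json
import re

# Exact npm pin: "1.2.3" with optional prerelease/build suffix. Anything else
# ("^", "~", "*", ">=", "latest", dist-tags, git/URL specs) may resolve to a
# different version on the next fresh install.
NPM_EXACT = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.\-]+)?$")
# Exact pip pin: "name==1.2.3", optionally with extras ("name[extra]") and an
# environment marker after ";". Anything else floats.
PIP_EXACT = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*(?:\[[^\]]*\])?\s*==\s*\S+")


def unpinned_npm(package_json: str) -> dict:
    """Return {name: spec} for every dependency that is not an exact version."""
    data = json.loads(package_json)
    floating = {}
    for section in ("dependencies", "devDependencies"):
        for name, spec in data.get(section, {}).items():
            if not NPM_EXACT.match(spec.strip()):
                floating[name] = spec
    return floating


def unpinned_pip(requirements: str) -> list:
    """Return requirement lines that are not exact '==' pins."""
    floating = []
    for raw in requirements.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line or line.startswith("-r"):      # skip blanks and includes
            continue
        if not PIP_EXACT.match(line):
            floating.append(line)
    return floating


# Constructed sample manifests; not taken from any real project.
SAMPLE_PACKAGE_JSON = json.dumps({
    "dependencies": {"express": "^4.18.2", "lodash": "4.17.21", "left-pad": "*"},
    "devDependencies": {"jest": "latest", "eslint": "~8.50.0", "prettier": "3.0.3"},
})
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
flask>=2.0            # resolves to whatever is newest at install time
cryptography          # no version at all
pyyaml==6.0.1 ; python_version >= "3.8"
"""

if __name__ == "__main__":
    print("npm floating:", unpinned_npm(SAMPLE_PACKAGE_JSON))
    print("pip floating:", unpinned_pip(SAMPLE_REQUIREMENTS))
```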