❦ 28 août 2015 17:37 +0100, Steve McIntyre <st...@einval.com> : >>The problem is that this *is* usable for nearly all the people who >>currently use it, who just run one command to install it and have all >>those dependencies pulled from a remote repo for them. Because the >>dependency installation process is so easy, they think no more about >>adding new dependencies than we think about installing some application >>with apt that happens to require a bunch of shared libraries. >> >>In other words, the people developing and using this tool don't see this >>as a problem, and therefore don't care about fixing it. > > Depressingly, it seems a lot of the same web typists don't have any > problems with doing the equivalent of "curl > http://some.site/install.sh | sudo bash" . That doesn't mean we have > to do the same in Debian. If there's no sensible way to do controlled > web development, let's just drop this from Debian *now*.
There is no need to use this idiom to do JS stuff. Once you have Node.js
and NPM installed on your workstation, npm will download packages from
the repository using HTTPS which is not better or worse that what most
other languages are doing and we didn't drop them from Debian either.
--
Program defensively.
- The Elements of Programming Style (Kernighan & Plauger)
signature.asc
Description: PGP signature
