this post was submitted on 13 Oct 2023
324 points (81.4% liked)

Programmer Humor

Sorry Python but it is what it is.

[–] [email protected] 56 points 11 months ago (4 children)

npm is objectively worse. Base pip packages aren't getting hijacked.

[–] [email protected] 23 points 11 months ago (1 children)

Maybe I’m misremembering, but didn’t pip have its own security concerns earlier this year?

[–] [email protected] 6 points 11 months ago (1 children)

I believe that was just name squatting.

[–] [email protected] 6 points 11 months ago (1 children)

It’s less the name squatting and more pip not supporting a certain PyPI resolution order: https://github.com/pypa/pip/issues/8606

For example, I have A, B and C in my requirements.txt but I want to install C from my own private PyPI. Everything works fine until someone uploads a package named C to the public PyPI, then suddenly I’m not installing my private package anymore.

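To make the scenario in that comment concrete, here is an added example (not code from the thread or from pip itself). The first function models what pip issue 8606 is about: candidates from --index-url and every --extra-index-url are merged and the highest version wins, with no preference for the private index, so a public upload of "C" with a big version number displaces the private one. The second function lints a requirements file for the two things pip does support as mitigations: a single index and hash-checking mode, which rejects any artifact whose digest was not pinned. The package names A, B, C, the index URLs and the hashes are constructed placeholders.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: the shape of the requirements file from the comment
# above, with the private index bolted on via --extra-index-url.
RISKY_REQUIREMENTS = """\
--index-url https://pypi.org/simple
--extra-index-url https://pypi.internal.example/simple
A==1.2.0
B>=2.0
C
"""

# Placeholder digest, not a real artifact hash; real files get theirs from
# e.g. `pip hash` or `pip-compile --generate-hashes`.
PLACEHOLDER_HASH = "sha256:" + "0" * 64

# Same dependencies written for hash-checking mode: one index (a private
# proxy that also mirrors public PyPI), every requirement pinned with == and
# carrying the digest of the artifact that was vetted.
SAFE_REQUIREMENTS = f"""\
--index-url https://pypi.internal.example/simple
A==1.2.0 --hash={PLACEHOLDER_HASH}
B==2.0.1 --hash={PLACEHOLDER_HASH}
C==0.3.0 --hash={PLACEHOLDER_HASH}
"""

_VERSION_RE = re.compile(r"^\d+(\.\d+)*$")
_REQ_NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def _version_key(v: str) -> Tuple[int, ...]:
    """Turn '1.2.0' into (1, 2, 0) so versions compare numerically, not as strings."""
    if not _VERSION_RE.match(v):
        raise ValueError(f"unsupported version string: {v!r}")
    return tuple(int(part) for part in v.split("."))


def select_across_indexes(candidates: Dict[str, List[str]]) -> Tuple[str, str]:
    """Model of pip's choice when several indexes serve the same name.

    `candidates` maps an index label to the versions it offers. pip gives no
    index priority, so the newest version wins wherever it lives: a public
    upload with a higher version number beats the private package.
    """
    best = None
    for index, versions in candidates.items():
        for v in versions:
            if best is None or _version_key(v) > _version_key(best[1]):
                best = (index, v)
    if best is None:
        raise ValueError("no candidates")
    return best


def audit_requirements(text: str) -> List[str]:
    """Flag the patterns that leave a requirements file open to index confusion."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("--extra-index-url"):
            findings.append(f"{line}: extra index is merged with the primary; "
                            "a public package with a higher version will be chosen")
            continue
        if line.startswith("-"):  # other options (--index-url, -r, ...) are fine here
            continue
        m = _REQ_NAME_RE.match(line)
        if not m:
            findings.append(f"{line}: unparseable requirement")
            continue
        name = m.group(1)
        if "==" not in line:
            findings.append(f"{name}: not pinned with ==, any newer upload is eligible")
        if "--hash=" not in line:
            findings.append(f"{name}: no --hash, a substituted artifact would install")
    return findings


if __name__ == "__main__":
    print(select_across_indexes({"private": ["0.3.0"], "public": ["99.0.0"]}))
    for finding in audit_requirements(RISKY_REQUIREMENTS):
        print("risky:", finding)
    print("safe findings:", audit_requirements(SAFE_REQUIREMENTS))
```

Installing the hardened file with `pip install --require-hashes -r requirements.txt` makes pip refuse anything that is unpinned or whose digest differs, so even if the private proxy were bypassed, a squatted "C" would fail to install rather than silently replace yours.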
[–] [email protected] 2 points 11 months ago

Yeah, I remember now. The name squatting was from people putting malicious packages under misspelled names of well known packages, like "requets" instead of requests.
