This is a good thing to consider when picking Linux distros. Who are the maintainers, is maintenance done in the open, do they enforce reproducible builds, how is review process done, what are requirements for mainters/packages/releases?
You also have the option of building from source yourself. Some package managers and distros (Gentoo, NixOS, Guix) do this for you.
This is BTW the main reason I wouldn't use derivate distros for anything serious.
Debian's generally trusted in the community - their slow pace come from risk-aversiveness.
> The maintainers can be compromised though. Is every single version of every single "vetted" package / maintainer also vetted?
Pretty much, packaging is not a brainless process. One of the effort that specifically target this is the Reproducible builds project [0], along with many other security measures set by each distro.
There are also usually multiple testing and updates rolling stages.
The best evidence of how effective these measures is its actual reputation and record on the ground.
I would still pick Java any day over the vast majority of languages. Gigantic ecosystem, gigantic community, gigantic knowledge base, solid IDEs, and the list goes on.
It's not a code quality issue, there are ways to ensure determinism (sometimes you just need to set a flag), however, they are intentionally explicitly not used in order to gain performance.
Well, a lot of those requirements are highly bespoke to your task and to your team.
My C# pipelines and C# apps are far easier to package and deploy than my Python apps for example. And, as you said, the pipeline is normally a one time cost.
You may not realise this, but this post is about a framework that let's python devs make modern web apps without touching the JS ecosystem.
The root comment appreciates the framework, and shares their unwillingness to write JavaScript and HTML. The reply to that comment asks why don't they try TypeScript.
I think that reply is absurd because asking someone to write TypeScript when they dislike JavaScript in the first place is absurd.
I know and realise the fact that JS+Types is way better than plain JS, and infact I write TypeScript on everyday basis.
> I think that reply is absurd because asking someone to write TypeScript when they dislike JavaScript in the first place is absurd.
I don't think it's absurd to ask someone to try Typescript first before jumping through hoops just to make Python run on the web, which certainly brings a lot of problems of its own. You do have to actually try it to see how it's a completely different experience, even if the types are just bolted on.
You're at the whim of the crap dependencies that you choose to use in your projects. If they don't document their code or if they force you to upgrade your tooling, it's not the fault of the TS team.
I try avoid 3rd party libraries very aggressively and I don't have half the issues people talk about in front end dev. My normal set up is angular and go.
Perhaps the next programming language / ecosystem can remove this problem entirely . Why is it so hard to have access to everything while shipping only what is actually needed?
The need to runtimes shared by multiple applications on a single machine makes this a hard problem to solve, unless it's statically compiled. Of course, Docker renders this moot, and I'm unaware of any languages written in a "Docker-first" manner.
