
> Should everybody consuming every library fork it in case the author throws a tantrum?

Yes, you should always fork open source projects critical to your project that are not mirrored somewhere safe; you never know when they may be inadvertently deleted. That's just common sense.

For dependencies, simply pin your versions and put library upgrades through a code review; that way no unknown code enters your system. Or just wait a couple of days after a new release; the shit will hit the fan from all the incompetents.

> That hardly seems workable

Right, no one wants to do the work.

> For what? Seller's remorse. Author wrote something and gave it away, then regretted giving it away. Sorry.

For what? Buyer's remorse. You blindly pulled code without looking at it, then regretted pulling it. Sorry.
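
As an added example (not part of the original thread, and not any commenter's code) of what "pin your versions" means in practice for a Python project: a small audit script that flags every requirement that is not an exact `==` pin carrying a `--hash=` option, which is the combination that lets `pip install --require-hashes` refuse anything a reviewer has not seen. The requirements text, package names and digests below are constructed samples, not a real project's file.

```python
"""Audit a pip requirements file for dependencies that are not fully pinned.

Added example illustrating the "pin your versions" advice in the thread; it
is not code from the original post. A requirement counts as pinned only when
it uses an exact `==` specifier and carries at least one `--hash=` option,
which is what lets `pip install --require-hashes` reject anything the
reviewer has not seen. REQUIREMENTS_SAMPLE is a constructed input.
"""
import re
from dataclasses import dataclass

# Name, optional [extras], then everything else (specifier and per-line options).
_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(.*)$")
# Exact pin: "==" plus a single version with no wildcard and no second clause.
_EXACT_RE = re.compile(r"^==\s*[A-Za-z0-9.!+-]+$")
# pip only honours these algorithms for --hash; digest lengths are hex chars.
_STRONG_HASHES = {"sha256": 64, "sha384": 96, "sha512": 128}


@dataclass(frozen=True)
class Finding:
    line_no: int
    name: str
    problem: str


def _logical_lines(text: str):
    """Yield (first_line_no, joined_line), honouring trailing-backslash continuations."""
    buf, start = [], None
    for i, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if start is None:
            start = i
        if line.endswith("\\"):
            buf.append(line[:-1].rstrip())
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:  # file ended on a continuation line
        yield start, " ".join(buf)


def audit_requirements(text: str) -> list[Finding]:
    """Return one Finding per requirement that is not exactly pinned and hashed."""
    findings: list[Finding] = []
    for line_no, line in _logical_lines(text):
        body = re.sub(r"(^|\s)#.*$", "", line).strip()  # drop comments
        if not body or body.startswith("-"):
            continue  # blank line or a global option such as -r / --index-url
        m = _REQ_RE.match(body)
        if not m:
            findings.append(Finding(line_no, body, "unparseable requirement"))
            continue
        name, _extras, rest = m.groups()
        spec, *opts = rest.split(" --")  # per-requirement options follow " --"
        spec = spec.strip()
        hashes = [o.split("=", 1)[1] for o in opts if o.startswith("hash=")]

        if spec.startswith("@"):
            findings.append(Finding(line_no, name, "direct URL reference, not an index pin"))
        elif spec == "":
            findings.append(Finding(line_no, name, "no version specifier"))
        elif not _EXACT_RE.match(spec):
            findings.append(Finding(line_no, name, f"not an exact pin: {spec}"))
        elif not hashes:
            findings.append(Finding(line_no, name, "pinned but no --hash"))
        for h in hashes:
            algo, _, digest = h.partition(":")
            expected = _STRONG_HASHES.get(algo)
            if expected is None or len(digest) != expected or not re.fullmatch(r"[0-9a-fA-F]+", digest):
                findings.append(Finding(line_no, name, f"malformed or weak hash: {algo}"))
    return findings


def is_fully_pinned(text: str) -> bool:
    """True when every requirement is an exact pin with a strong hash."""
    return not audit_requirements(text)


# Constructed sample input; the names and digests are illustrative only.
REQUIREMENTS_SAMPLE = """\
# constructed sample, not a real project's file
requests==2.31.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
urllib3>=1.26,<2
left-pad
colorama==0.4.*
pyyaml==6.0.1
flask==3.0.0 --hash=md5:d41d8cd98f00b204e9800998ecf8427e
-r base.txt
"""

if __name__ == "__main__":
    for f in audit_requirements(REQUIREMENTS_SAMPLE):
        print(f"line {f.line_no}: {f.name}: {f.problem}")
```

Run in CI against the lockfile a reviewer signs off on; a non-empty result means some dependency can still be swapped out from under you by a new upload to the index, which is exactly the "unknown code enters your system" case the comment warns about.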



> For dependencies, simply pin your versions and put library upgrades through a code review, that way no unknown code enters your system.

These are all solid recommendations but don't excuse shit behavior on behalf of certain poor participants in the ecosystem. Which it seems you're super eager to do for some reason.

> Right, no one wants to do the work.

I mean, so far it looks like one guy, lol.

> For what? Buyers remorse. You blindly pulled code without looking at it, then regretted pulling it. Sorry.

We're talking about this guy's motivations, not those of the consumers.


> don't excuse shit behavior on behalf of certain poor participants in the ecosystem

Why not? You are excusing the incompetence of everyone affected by this.



