Dub is getting some flak here. This is unsurprising because it is really hard to write a good package manager and build system. I use a lot of languages and not one has a satisfactory package manager. Mostly they try to do too much and get in the way or they do too little and people complain (I prefer the second option). And when there are 100+ dependencies, like with Go and Node, it just becomes impossible to say anything about the state of the system (security, anyone?).

Package management is mostly dependency management. This I handle with GNU Guix (and Nix) package managers. They are great at that. This also leaves people to choose any old build system. Inside GNU Guix the build system is consistent, which is really nice. I'll write a blog some time this year.

What you really want is to be able to discover packages (i.e., a website such as Dub provides), pull them into your tree (which is just a path and can be handled by git submodules, though I don't like those much either), and when you distribute: add them to Guix or Nix and provide those packages with build system and as binary deployments to others. These package managers give control over the full dependency graph, including shared libraries all the way down to glibc.

I am not posting this to plug these systems per se. Just saying that writing a generic package manager is hard and is better left to systems that solve handling the full dependency graph correctly. Personally, I am happy very happy with what Guix gives me. Can't think of a better way. I have no reason to use dub.

Reply via email to