[GTALUG] curation [was Re: A find alternative: fselect]

D. Hugh Redelmeier hugh at mimosa.com
Mon Jun 17 11:44:56 EDT 2019


| From: Lennart Sorensen via talk <talk at gtalug.org>

| On Thu, Jun 13, 2019 at 10:06:37PM -0700, Dhaval Giani via talk wrote:
| > I agree with you on this, but also seeing how some libraries get
| > developed/updated (I am looking at you, npm), I can see why some
| > programmers prefer static libraries.
| 
| But npm is one of those modern ecosystems that believes every project
| should pick its own version of everything.  It is effectively static
| linking.
| 
| So npm is the static linking problem.

I'm thinking about npm (a JavaScript repository).  Not that I know
anything about it.

The word "curation" has been used to excuse a bunch of things, good
and bad.  But it's not a bad description of the role I'm thinking of.

I admit that I go on and on about these issues.  See for example
	updates and shared libraries [was Re: A find alternative: fselect]
from last week.  Or my last lightning talk "What is a distro?".
But I think that they are really important.

There is too much software that we want and need for each of us to do
quality control:

- is it well designed for the problem it addresses?

- is it better than the alternatives?

- does it fit into existing environments?

- is it sufficiently stable?  Bug free?

- does it have a reasonable likelihood of not being a security risk?

- is it stable?

- does it have a likelihood of ongoing support and development?

- is there a reasonable way of feeding back bug reports to the
  developers?

I mostly depend on Fedora to do these things for me.  Perhaps not
perfectly, but a lot better than I can do on my own.

I chose my distro partly based on how well I think that they do this
curation.

Non-Linux folks are often uncomfortable with the level of curation by
Linux distros.  They feel more comfortable with Microsoft or Apple.

A bunch of systems that exist as part of Linux also bypass the distro:

- Python Package Index (python)

- PEAR (PHP)

- CTAN (TeX)

- CPAN (Perl)

- npm (JavaScript)

- crate.io (Rust)

Who then does the curation?  Are they any good at it?  It's easy to
say "the user", but for big things like these that is impractical.
I'm not particularly comfortable with any of these repositories,
possibly due to ignorance.

If you need things from these repos, it is pretty easy to rationalize
trusting them.

