this post was submitted on 22 Dec 2025
Can’t they make dependencies something that gets checked at launch time? The executable says “I have the following external dependencies pulled in.” and then if a version is blacklisted, the executable should stop and throw an error saying exactly what component was blacklisted and stopped it from running.
Why can’t we have executables declare their dependencies at launch time to the OS?
That's essentially how most distributions of Linux and Unix work. You package an app with a list of dependencies like "libcaca >= 1.2.3" and that's that. If that dependency isn't available in the distro you need to have that packaged (and thus have a maintainer for said package) first. The distro's package maintainers are responsible for keeping an eye on the upstream sources and provide reviews. Often there's also a security team that watches for packages requiring expedited attention, and security backports.
Then this sort of crap like NPM came along and it became popular for devs to package their own dependencies.
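
The launch-time check proposed in the first comment, combined with the distro-style version constraint ("libcaca >= 1.2.3") from the reply, as an added example that is not part of the original thread. The function names, the blocklist format and the sample data are assumptions made for illustration, and version comparison is simplified to dotted integers.

```python
import operator
import re

# Comparison operators allowed in a declared constraint such as "libcaca >= 1.2.3".
OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
       ">": operator.gt, "<": operator.lt}
CONSTRAINT = re.compile(r"^\s*([A-Za-z0-9_.+-]+)\s*(>=|<=|==|>|<)\s*([0-9]+(?:\.[0-9]+)*)\s*$")

class DependencyError(RuntimeError):
    """Raised when a declared dependency is missing, too old, or blocklisted."""

def parse_version(text):
    # Simplification: dotted integers only (real package managers also
    # handle epochs, suffixes and pre-release markers).
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # treat "2.0" and "2.0.0" as equal
        parts.pop()
    return tuple(parts)

def check_dependencies(declared, installed, blocklist):
    """Return the resolved {name: version} map, or raise naming the offender."""
    resolved = {}
    for line in declared:
        match = CONSTRAINT.match(line)
        if match is None:
            raise DependencyError(f"unparseable dependency declaration: {line!r}")
        name, op, wanted = match.groups()
        if name not in installed:
            raise DependencyError(f"{name}: not installed (need {op} {wanted})")
        have = installed[name]
        if not OPS[op](parse_version(have), parse_version(wanted)):
            raise DependencyError(f"{name} {have}: does not satisfy {op} {wanted}")
        if have in blocklist.get(name, ()):
            raise DependencyError(f"{name} {have}: version is blocklisted, refusing to start")
        resolved[name] = have
    return resolved

# Constructed sample data, not taken from any real distribution or advisory.
DECLARED = ["libcaca >= 1.2.3", "libexample >= 2.0"]
INSTALLED = {"libcaca": "1.2.10", "libexample": "2.1.0"}
BLOCKLIST = {"libexample": {"2.1.0"}}

if __name__ == "__main__":
    try:
        check_dependencies(DECLARED, INSTALLED, BLOCKLIST)
    except DependencyError as err:
        print(f"startup aborted: {err}")
```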