dependency management problems are a thing irrespective of the license of those dependencies. nobody anywhere is writing assembly code entirely on their own, even then you depend on a compiler. every software project has dependencies. it's a problem solved by version pinning. i can't believe a tech writer wrote this?

here is the article this paragraph is from https://techcrunch.com/2018/02/05/mixpanel-passwords/

it's interesting the author decided to highlight the open source problem and not the fact that mixpanel is in the business of surveillance

that being said, that headline

*slurps your passwords*

As a popular tech product creator, you surely noticed a wide range of knowledge and opinions among "tech writers", right?



@feld no. you gotta be paying attention to new releases of your dependencies (there are tools for this), but version pinning means you don't get unexpected breaking changes from someone else's code.

I second that, you can't just trust an automatic dependency updater to keep your own software running. A dependency isn't entirely free work you're using from someone else; whatever the license, you have to spend at least some time managing it.
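One concrete check for the pinning discipline discussed in this thread, as an added example that is not from any of the posters: a small audit over a requirements.txt-style file (the sample contents are constructed here) that reports which entries are hash-pinned, exactly pinned, ranged, or not pinned at all, so the ones that can pull in unexpected changes stand out.

```python
import re
from typing import Dict, List

# Constructed sample requirements file; not taken from the thread.
SAMPLE_REQUIREMENTS = """\
# constructed example
requests==2.31.0 \\
    --hash=sha256:placeholder
urllib3>=1.26,<2
flask
Django~=4.2
-r other.txt
numpy ; python_version < "3.12"
"""

SPEC_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"  # distribution name
    r"(?P<extras>\[[^\]]*\])?"                # optional extras such as [security]
    r"\s*(?P<spec>[^;#]*)"                    # specifiers up to a marker or comment
)

def join_continuations(text: str) -> List[str]:
    """Join backslash-continued lines; drop blanks, comments and option lines (-r, -e, ...)."""
    lines, buf = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        stripped = (buf + line).strip()
        buf = ""
        if stripped and not stripped.startswith(("#", "-")):
            lines.append(stripped)
    return lines

def classify(requirement: str) -> str:
    """Return 'hashed', 'exact', 'range' or 'unpinned' for one requirement entry."""
    m = SPEC_RE.match(requirement)
    spec = m.group("spec").strip() if m else ""
    hashed = "--hash=" in spec
    spec = re.sub(r"--hash=\S+", "", spec).strip()  # hashes are not version text
    if not spec:
        return "unpinned"
    if re.fullmatch(r"==\s*[^,\s]+", spec):
        return "hashed" if hashed else "exact"
    return "range"  # >=, <, ~= and friends can all float to a new release

def audit_requirements(text: str) -> Dict[str, str]:
    """Map each distribution name to its pinning class, in file order."""
    return {SPEC_RE.match(r).group("name"): classify(r) for r in join_continuations(text)}

def floating_names(text: str) -> List[str]:
    """Names whose resolved version can change without an edit to the file."""
    return [n for n, c in audit_requirements(text).items() if c not in ("hashed", "exact")]
```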