Mastodawn

I'm trying very hard not to get into a fight on github after being told that a package manager should implement _mechanism_ not _policy_, a canard I haven't heard in probably 15 years.

Deciding not to set safe, reasonable defaults is an abdication of responsibility. It's negligence. We've tried doing it that way and we just know that now.

"Respectfully, there's no such thing as providing mechanism without policy. There is only mechanism with safe, well-considered default policy or unsafe, unconsidered default policy."

Going to bite my tongue after that.

Andrew Nesbitt Mar 6

@mhoye package manager clients and registries are literally encoded community policy and governance rules for an ecosystem

@andrewnez Absolutely. It is incredible how many people will argue with a straight face that their software has somehow emerged fully formed from the brow of abstract mathematics, and is not the product of decisions people have made about how other people should work with and be affected by those decisions.

Alyssa Coghlan Mar 6

@mhoye @andrewnez Also how reluctant folks sometimes are to admit that a particular default setting may not have been thought about at all beyond "well, I need to initialise it to *something*, and 'turned off' is not going to obviously break anything"

@ancoghlan @andrewnez I'm 100% convinced that the "mechanism not policy" argument is DARVO for software design.

Alyssa Coghlan Mar 6

@mhoye @andrewnez "It's not designed badly, you're just holding it wrong"

@ancoghlan @andrewnez ... while I, the developer of this software, who designed, implemented and documented all of the handles, am powerless and also blameless, and it is in fact _you_ who are attacking _me_ by arguing that it should be different.

Chris Petrilli Mar 6

@mhoye @ancoghlan @andrewnez these are the same people who say they aren’t political.

Jason Orendorff Mar 6

@mhoye I don't think I ever heard this slogan before last year. I ran across it in a paper from 1975, <https://dl.acm.org/doi/epdf/10.1145/1067629.806532>

"an operating system should not attempt to provide a fixed set of policies, particularly protection policies. Rather, it should provide a set of mechanisms with which a large set of policies [...] can be constructed."

Even at that time, was this smart design, or an excuse to play with mechanism and ignore practicalities? maybe both

@jorendorff The audience for that idea at the time would have been mainframe purchasers. In 1975 the PS/2 is still twelve years away, and everyone who you would be "providing mechanism" _for_ was large team of full time operators with deep systemic knowledge and fabulously expensive four-hour support contracts. It made sense when you got what would by today's standards be the barest of barebones systems that your team would then configure to your business requirements. Whole different world.

Jason Orendorff Mar 6

@mhoye yeah, full agreement, I had a followup toot like "needless to say, the concerns were different before the IBM PC, the internet, and my entire life" and didn't send

@jorendorff ... also given modern sensibilities it's a baffling read? "Hydra shouldn't impose policy" my guy that is the number one thing Hydra wants to do and that policy is going to be "we're throwing your whole ass into the mechanism."

Jason Orendorff Mar 6

@mhoye "it's cool because you don't want a _car_

that, like, comes with a key, and you just turn it

you're gonna build your _own_ car"

@jorendorff This is, no joke, exactly what fancier cars in the 1920s were and the top end Rolls Royces are today. You didn't do anything as pedestrian as "buy a Duesenberg", no sir. You talked to a consultant who tailed your particular order for your very specific Duesenberg.

@jorendorff also - I think I need to rewrite the wikipedia article on this? It's oddly written and very ahistorical...

https://en.wikipedia.org/wiki/Separation_of_mechanism_and_policy

Separation of mechanism and policy - Wikipedia