Mastodawn

I'm trying very hard not to get into a fight on github after being told that a package manager should implement _mechanism_ not _policy_, a canard I haven't heard in probably 15 years.

Deciding not to set safe, reasonable defaults is an abdication of responsibility. It's negligence. We've tried doing it that way and we just know that now.

Show thread

mhoye Mar 6

"Respectfully, there's no such thing as providing mechanism without policy. There is only mechanism with safe, well-considered default policy or unsafe, unconsidered default policy."

Going to bite my tongue after that.

Show thread

Andrew Nesbitt Mar 6

@mhoye package manager clients and registries are literally encoded community policy and governance rules for an ecosystem

Show thread

mhoye Mar 6

@andrewnez Absolutely. It is incredible how many people will argue with a straight face that their software has somehow emerged fully formed from the brow of abstract mathematics, and is not the product of decisions people have made about how other people should work with and be affected by those decisions.

Show thread

Alyssa Coghlan Mar 6

@mhoye @andrewnez Also how reluctant folks sometimes are to admit that a particular default setting may not have been thought about at all beyond "well, I need to initialise it to *something*, and 'turned off' is not going to obviously break anything"

Show thread

Andrew Nesbitt Mar 6

@ancoghlan @mhoye I can't point and say "this" enough!

Show thread

Alyssa Coghlan

@andrewnez @mhoye Now I'm having flashbacks to when we actually got serious about setting *real* default TLS verification policies for the Python standard library instead of settling for that historical practice of "off by default". Yikes, that was a lot of work for a lot of people (worth it, though).

Show thread

mhoye Mar 6

@ancoghlan @andrewnez Yeah, I believe you. Picking "We don't want to have an opinion" is a lot harder to remediate later than "we have to have _something_ to say here, so let's at least build in a way to say something."