I'm trying very hard not to get into a fight on GitHub after being told that a package manager should implement _mechanism_ not _policy_, a canard I haven't heard in probably 15 years.

Deciding not to set safe, reasonable defaults is an abdication of responsibility. It's negligence. We've tried doing it that way and we just know that now.

"Respectfully, there's no such thing as providing mechanism without policy. There is only mechanism with safe, well-considered default policy or unsafe, unconsidered default policy."

Going to bite my tongue after that.

@mhoye package manager clients and registries are literally encoded community policy and governance rules for an ecosystem
Package Registries Are Governance Providers

Registries host files, but they also decide who owns names, how disputes resolve, and what gets removed. That second job is governance.

Andrew Nesbitt
The Third Bit: Community Norms