this post was submitted on 30 Jan 2024
Programmer Humor
Yeah, I've given up trying to know all the libraries in my projects. I feel like the added development speed and code quality are just so good that not taking the risk of a supply chain attack is basically not an option.
I do try to primarily use libraries from the Rust team or from more widely known devs (and hope that they also do that), but most projects worth doing will need one or two specialty libraries where all bets and bus factors are off...
You think your code is higher quality with more dependencies? All you're doing is offloading complexity to a separate project.
If you make a program that does "something worth doing", but you need some specialty library to actually do it (which you didn't implement yourself), then sorry, but it wasn't you who did it.
Yes, offloading complexity to a separate project which has already invested more time into code quality than I could possibly justify.
As for your second point, I don't care who solved the problem. If you care, I hope you're smelting your own sand to build your own CPU and assembly language. But I'm obviously also not solving the exact same problem as the library already solved.
Why are you looking for conflict?
If you want to build something from scratch, you first have to invent the universe :) (paraphrased from Carl Sagan)