[conspire] People failing to learn about package gatekeeping, part 1

Rick Moen rick at linuxmafia.com
Sun Apr 17 18:02:50 PDT 2022


Quoting Ivan Sergio Borgonovo (mail at webthatworks.it):

> As a developer I'm a user myself.

But (without objection), the particular needs of a developer for a very
specific software environment are often an edge-case.

If, say, you had been a very bad person and wanted to punish yourself,
you might decide to be a PHP developer.  ;->  And, in the process of
improving your projects, you might be strongly drawn to the cutting
edge, and so might reasonably become impatient with, say, the PHP 7.3
tools and libraries provided by Debian 10 "Buster" (current debian-stable). 

That's why the Web is chock-a-block with third-party instructions about
how to circumvent your distro package regime partially or wholly, to get
versions beyond what the distro provides.  This example for Debian 10
is among the least reckless, only adding a third-party "PPA" repo to
sources.list:
https://computingforgeeks.com/how-to-install-latest-php-on-debian/

At _least_ apt will know what gets installed, when you do that, unlike
with that npm / Node.js idiocy.

Heck, as a developer, you might even get impatient with the packaged PHP
components in Debian testing/unstable -- and that's where the temptation to
kludge in fetches from the PEAR repository comes in (which apt would
_not_ know about).

But, point is, as a _developer_, you would know that you are erecting a
non-distro subsystem atop your distro.  You would be aware that the
distro itself would know nothing about what the subsystem was doing, and
would be on notice of the potential for harm up to and including
breaking your system and needing to rebuild.

When we speak of users adopting such things being blunders, we don't
really mean those for whom "As a developer I'm a user myself".  We mean
the people who're unaware they're insouciantly wandering away from a 
system carefully designed to be curated and coherent.

And you'll note I didn't say "Don't do these things."  I said "Do these
things only if actually necessary, with full awareness of what you're
getting yourself into."

> From the point of view of a developer you just make a compromise
> according to the resources you have... and most of the times making
> a software easily accessible with a fast pace of development is
> preferred at the cost of an extra safety net.

This is where I imagine that a VM, or something lighter-weight but 
with isolation abilities, like LXC, OpenVZ, illumos (ex-Solaris)
Containers/Zones -- or even just chroot jails.
https://en.wikipedia.org/wiki/OS-level_virtualization

I imagine that's what I'd do.  Then, you can go crazy with weird
cutting-edge things in the chroot-like environment, and not (usually)
have to worry about hurting, or adversely interacting with, the host
system -- nor would you have the overhead of a hypervisor.
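
[Added example, not part of the original post: since a third-party repo added to sources.list is at least visible to apt, this sketch lists the source entries that point outside the distro's own archive. The host allowlist, the function names and the sample entries are assumptions constructed for illustration; only one-line-style entries are handled, not deb822 `.sources` files or `cdrom:` entries.]

```shell
#!/bin/sh
# Hosts treated as the distro archive (assumption: adjust to the mirrors you use).
OFFICIAL_HOSTS="deb.debian.org security.debian.org ftp.debian.org"

# third_party_sources: read one-line-style sources.list text on stdin and
# print "host suite" for each deb/deb-src entry whose host is not official.
third_party_sources() {
    awk -v official="$OFFICIAL_HOSTS" '
        BEGIN { n = split(official, h, " "); for (i = 1; i <= n; i++) ok[h[i]] = 1 }
        { sub(/#.*/, "") }                       # strip comments, fields are re-split
        $1 != "deb" && $1 != "deb-src" { next }  # skip blank and unrelated lines
        {
            i = 2
            if ($i ~ /^\[/) {                    # skip an "[opt=val ...]" option group
                while (i <= NF && $i !~ /\]$/) i++
                i++
            }
            host = $i; suite = $(i + 1)
            sub("^[a-z+]+://", "", host)         # drop the URI scheme
            sub("[/:].*", "", host)              # drop port and path
            if (!(host in ok)) print host, suite
        }
    ' | sort -u
}

# Constructed sample input (repo.example.org is a placeholder, not a real repo).
sample_sources() {
    cat <<'EOF'
deb http://deb.debian.org/debian buster main
deb-src http://deb.debian.org/debian buster main
deb http://security.debian.org/debian-security buster/updates main
deb [arch=amd64 signed-by=/usr/share/keyrings/example.gpg] https://repo.example.org/php/ buster main
# deb https://disabled.example.net/ buster main
EOF
}

sample_sources | third_party_sources
```

On a real system, feed it `cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list` instead of the sample. Anything fetched outside apt (PEAR, npm) will not show up here at all, which is the distinction drawn above.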



