![](https://discuss.tchncs.de/pictrs/image/aaeabf49-c3bf-46c7-953e-e7a2859f3b4d.png)
![](https://lemmy.ml/pictrs/image/q98XK4sKtw.png)
Well, just by looking at responses in this thread, the controversy most definitely still exists. Some seem to like it and others hate it fiercely.
Howdy! 👋
I’m level 27 web dev from 🇫🇮 Finland. Full stack developer by trade but more into server side and sysadmin stuff.
A furry or something. Why be yourself when you can be fluffy raccoon on the internet?
I’m also on Mastodon: @[email protected]
Well, just by looking at responses in this thread, the controversy most definitely still exists. Some seem to like it and others hate it fiercely.
Cool, thanks for the explanation.
a single application that gets bundled with all necessary dependencies including versioning
Does that mean that if I were to install Application A and Application B that both have dependency to package C version 1.2.3 I then would have package C (and all of its possible sub dependencies) twice on my disk? I don’t know how much external dependencies applications on Linux usually have but doesn’t that have the potential to waste huge amounts of disk space?
Sorry to ask, I’m not really familiar with Linux desktop nowadays: I’ve seen Flatpak and Flathub talked about a lot lately and it seems to be kinda a controversial topic. Anyone wanna fill me in what’s all the noice about? It’s some kind of cross-distro “app store” thingy?
My main issue with CVEs nowadays is that it seems one gets generated even when 99% of the use cases for the software in question are not vulnerable as the vulnerability requires a very specific configuration/circumstances/etc. to be exploitable. In large projects with lots of dependencies this adds a lot of noice and there’s a risk that actual important CVEs go unnoticed.