An interesting theme I keep seeing popping but is that system package managers don’t need all the features that language package managers have, like lockfiles.
I suspect it’s more of a cultural thing but definitely needs more investigation into what’s really going on behind those comments.
@andrewnez Lockfiles for package managers are called repofiles. 😊 The entire distribution is a single lockfile. In #Fedora, we make a new compose every night. Compose can fail for many reasons. And successful compose does not yet means that every package is installable. Here is a good starting place for your rabbit hole https://github.com/osbuild/osbuild-composer
@andrewnez Don't think they can have many features? Take nano and make- they're both unaware of each other, unaware of who is packaging them, the distribution format is binary. With so much pre-dating modern package manager patterns, OS package managers can't get too fancy or the can't use package repo-unaware apps.
I did make this experimental tool for creating a lock-like file for my dependencies that weren't npm/pypi/etc. It only *audits*
@mistersql @andrewnez i had been developing similar representations of dependencies for a reliable shell environment and spack solves this conclusively for my purposes
@andrewnez distro package managers are solving a completely different problem
@andrewnez having exactly one global package version set at a time makes perfect sense when you are directly plugging into a global resource like the user's hardware. package managers like spack, cargo, pip are intended for the purposes of a development workflow shareable across machines and are frequently used to implement distro packaging
Docker is hovering over my shoulder right now 😅
