@sir recently wrote Developers shouldn't distribute their own software, which I read shortly after Maintainers Matter ("The case against upstream packaging").
The gist is this: distributions distribute sets of programs, picked by maintainers according to some standard of quality, and package them for end users. They are intermediaries, not adding much to the software. Can we get rid of them? The two blog posts argue that the answer is *no*, we cannot. The maintainers act as quality assurance.
The difference in trust between managed software repositories like Debian, Alpine Linux, Fedora, and so on; and unmanaged software repositories like PyPI, npm, Chrome extensions, the Google Play store, Flatpak, etc — is starkly obvious. Debian and its peers are full of quality software which integrates well into the host system and is free of malware. Unmanaged repositories, however, are constant sources for crapware and malware. – Drew DeVault
Just look at recent news: typosquatting malware and malicious packages are everywhere, if you search for the right keywords. The problem is *unmanaged software repositories*.
I guess I’m lucky my beloved CPAN hasn’t been hit. I guess that’s a sign of Perl being unpopular? There’s a benefit to obscurity, at least...
#Programming