Two additional concerns that impact this space are:
Ralph Tice

Great thoughts, thanks!

I think this:

whether a language has support for loading multiple versions of a dependency at runtime (Erlang, .NET) which affects whether you are forced into some sort of method of walking the dependency graph to identify conflicts or compatibilities

is already pretty well-covered:

If your language permits it, and the type system won’t choke on it, and the global state risks are negligible, and you’re cool with some binary/process footprint bloating and (probably negligible) runtime performance costs,AND bogging down static analysis and transpilation tooling is OK, then duplication is the shared deps solution you’re looking for. That’s a lot of conditions, but it may still be preferable to reconciliation strategies, as most require user intervention — colloquially known as DEPENDENCY HELL — and all involve potentially uncomfortable compromises in the logic itself.


By “native dependencies,” I assume you mean good ol’ C shared library-type things, right? Yeah, that issue is on my list to address in an update to the article. I think the shortest-possible version of my take is that a PDM can be responsible for best-effort in that area, but that’s it. Anything more, and you’re turning into Guix — which is out of scope.

The decentralized approach to packaging is an interesting question, as well. To start, there’s the basic Zooko’s triangle issues. Given the unacceptability of compromising on any of those three for this case, we know we have to square the triangle, which necessarily means building atop a fairly complex substrate. It might be worth it, but it’s truly its whole own article to write considering the tradeoffs (and a lot more research for me, as it’s not really my area.)

whether in 2016 you should build any sort of tooling without a remote API or some other machine-readable interface for composition…

I may be missing your intent a bit, but I do agree entirely with respect to the general issue of composition. I think this was implicit in some ways — PDMs within LPMs, PDMs within the compiler pipeline, within the VCS timeline — but I need to surface that more explicitly.

Show your support

Clapping shows how much you appreciated sam boyer’s story.