Eugen Rochko

After GitHub put an archive of Mastodon code into arctic ice it got me thinking how dependent our rollout mechanism is on contemporary infrastructure like RubyGems and NPM. That bit us in the ass at least one time when a release of Mastodon became uninstallable because a package author removed a specific version of a package. At least our Docker images are entirely self-contained/pre-built.

Dag Ågren ↙︎↙︎↙︎

@Gargron This is why I really hate the modern culture of package managers. They make things incredibly fragile.

At the very minimum, package managers should enable you to check in all your dependencies into your repo.

[DATA EXPUNGED]
Atridad Lahiji

@Gargron this is why I've started hosting my own gitea, drone ci, and Verdaccio instances. Would recommend.

Dmitry Borodaenko

@Gargron Build on top of Debian/sid. Old distro releases aren't going to get yanked from under you, and the state of the rolling release is always internally consistent. Including cross-language dependencies: a problem RubyGems and NPM generally ignore.

My #npmgate rant: mastodon.social/@angdraug/1044

Drew DeVault

@Gargron a project with a thousand dependencies has a thousand liabilities
