Package Management and Versioning are a joke currently
Had a fun weekend and first half of week caused by an upstream package (a cron lib) changing from quarts style schedule strings (secs, mins, hours, days, months, years aka * * * * * *) to standard 5 variable cron strings.
As a mere user/admin of the vendors software I should have been able to pull the container image and build, but noooooo due in part to the updated cron libs dev using master as the release branch with a massive breaking change, instead of a tag meant new deploys were pulling in the wrong version and so failing to start, even though the vendors code was correct (for the old version) the way the packages were pulled in meant it was pot luck if it would work or not depending on if you had the correct package locally cached (yay random errors and works on my machine debugging on a vendors release!!). Sure i could say the dev of the cron lib is an asshat for releasing in such a way as to break existing code, but ensuring new projects have the new shiny, but really i dislike the assumption in the build process that i want the latest, and if the references mention the version to use, it should bloody well use that version, which is why you need a registry not a source control system for this to normalise releases, could care less if the git repo tags a release as "unicorn-rainbow-facemask-latest" as long as in the registry it knows its 1.0.0
This was despite the fact the vendor having what looked like an pegged version in its package references turned out to be more of a comment than an instruction. Ultimately i put this down to being a failing of the language/ecosystem than any given dev, git is not a package manager nor should it be used as such, but thats what it seems GO does, i mean seriously it makes me almost (almost) have a good thing to say about npm and bower.
Biting the hand that feeds IT
