PyTorch and the PyPI supply chain

Posted Jan 12, 2023 3:14 UTC (Thu) by bferrell (subscriber, #624)
In reply to: PyTorch and the PyPI supply chain by mpr22
Parent article: PyTorch and the PyPI supply chain

Until VERY recently if you wrote PERL code that did this, the dev community would fetch piles of wood and burn you to the ground.

A few years back a VERY common module got re-written and made major changes to the behavior of the code... With no documentation. They just thought it was a "good idea (tm)".

Post hasty, that got changed and while the new behavior WAS a good idea and kept, it became a "turn it on with a variable if you want it" vs "here, let me shove this down your throat".

to post comments

PyTorch and the PyPI supply chain

Posted Jan 12, 2023 14:36 UTC (Thu) by smoogen (subscriber, #97) [Link]

I wonder if that is because the Perl community learned the lessons the hard way. I spent way too much time in the late 90's and early 00's fixing 1 am outages to undo some developer's 'grab the latest from CPAN' which 'fixed' whatever bug they had but added 200 new ones in a myriad of dependencies (or my favorite.. why is the perl on each web server or application different? Oh because each team of dev's did a CPAN update and compiled a new version as part of that..) Things became more stable after that... but I also was dealing with perl less and less because various web devs I worked with were finding it 'too stodgy' and moving to Ruby, Python and then Node because speed in module changes were there.