Packaged Madness


I recently went through the recurring software refresh of my development laptop. I usually do a full cleanup (OS included) and this time was even better thanks to the "Reset this PC" feature.

I wanted to do it better this time in terms of installing all those programs you always carry over your next installation and set my eyes on using Chocolatey for installing and maintaining those.

However this post is not about how easy it is or taking "about time, dude"s or rating (it kind of is). It is about choices. And not the lack of them. Quite the contrary. It is (again) about the sprouting of similar solutions to a problem that should have been a solved problem ages ago.

I just want to install some stuff. Where do I start?

I you are in the Windows arena you have been laughed at many times for those Linux gurus (and, painfully, noobs too) praising the glory of APT (Debian/Ubuntu), Yum (Red Hat/CentOS), Portage (Gentoo), YaST (SUSE/openSUSE) or whichever the hell distribution they happen to be running that day.

You might also have experienced a smirk from the MacOS guys when they proudly present you with HomeBrew and go on firing up a fullscreen terminal with a three-line-long prompt in full color glory.

You smile politely at their beards (those are inevitably worn for users of such platforms, regardless of their age or gender) and fire up "Programs and Features" GUI and mumble about how MSI does all that and more (or so you've been promised) and why you do not need a stinking package repository when you have the InterWebs at the tip of your cursor.

If you are resilient to mockery you can fire back with that monochrome CMD instance and type choco (ignore the chuckles, since... well, beer trumps chocolate any time and typing chocolatey would only make things worse) and look pretty proud about how well it does the job (ignore the chuckles again).
You can even stretch your suspenders (because you are wearing those, right?) and boast: "Microsoft even went one step further and presented to the world a package manager manager” (or unified interface to package management if you are in a sales pitch). “You'll be hearing from PackageManagement a lot in the future”. Probably they won't.

But, but... Installing I can handle. Keeping up to date is the hard one.
Sure, because I forgot to mention that regardless of whether a program was installed through a package or not, modern software tends to update itself. Some of it.
And those tend to do it in their own unique and "superior" way:

  • ever-green browsers do it their way
  • ClickOnce applications (whoever still uses them)
  • Squirrel applications ("ClickOnce done right")
  • store apps: Windows, Mac, Android, Apple Store,... do their thing as well

I am a developer, already too many options

If you are a developer of some sort, chances are you are already using some sort of repository to bring down dependencies to your software. Most likely those repositories use some sort of command line client because, well, who doesn't like the sound of pounding keys or the feel of scripting?

Chances are those repositories are focused on your language/platform (my shallow knowledge of every platform out there is limited, so pardon my ignorance and use the comment sections for my and other people's enlightenment):

  • Maven for Java developers
  • RubyGems for Ruby stuff
  • Pip for Python people
  • NuGet for .NET (Microsoft development platform) thingies
  • Npm for the Javascript minded (and not only for the server-side, event-looping loving ones it seems)
  • Bower for The Web (although it seems in its way out)
  • Powershell humans (let's tag them as developers as well, because they kind of are, in their own scripty way) now have PowerShellGet to pull down useful modules

I am sure there is one for every major (and medium and possibly minor) developer ecosystem but forgive me for not listing every one of them. I will solely point out those that have some sort of experience with.

And things get even more confusing because some of the package managers host programs and utilities that are useful in their own right, besides libraries, modules, etc... For example, a lot of interesting console apps distributed via NPM or as gems.
To include a bit of recursion and nesting, since some managers are targeting different scenarios, it is not uncommon package managers being installed from other package managers.

Already too much

Barely madness.
I am sure a human can take a bit more, so, let's talk about newcomers that are likely to gain more and more popularity:

  • Bower light might be fading, but here comes yarn to save the web or Duo to re-save it
  • NuGet has big guns behind, but some people swear by Paket
  • Chocolatey has come a long way, but Scoop is here to claim its share
  • ...

Let's face it: there are a lot of different managers and tools. Too many. And they interbreed. And each one of them "believes" is better than the rest of their competition.

As a consumer

Some consumers have a challenge: install and maintain software and libraries.
They may not even be able too because of company policies which sole purpose is prevent productivity (non-professionals won't be protected from themselves anyway).
But before those lucky ones that are able to can even start, they need to pull down three of four package managers that enable them to install some of the software they need and feel comfortable with. And learn their about how they work.

But to pick that handful one has to suffer the anguish of picking right:
am I going to miss a key applications for me if I choose Scoop over Chocolatey?
In which way is Paket better than NuGet? I have never had any of the terrible damages one seems to inflict on its users.
Some months ago NPM was the shit, but now? Non-determinism does not sound appealing to me.

And then some programs will update themselves, overtaking the package management system and when and upgrade of the package is performed, then nasty versioning conflicts scare the hell out of the one thinking he or she made a smart move embracing the console.

It is a messy and painful experience and I am starting to believe package managers have not made a consumer life sensibly easier.
Alright, I am exaggerating, because at least for developers it makes a notable difference to have one instead of zero. But having multiple? Breeding more is not helping.

As an author

Consumers are screwed, but authors that want to have happy consumers are not better. They will have to deal with several sizable tasks:

  • creating kick-ass software
  • picking the flavors of the month to get their software reaching as many people as possible
  • learning about the inner workings of all of them because, after all, you do not want your consumers to have a bad experience and take the blame
  • helping volunteers that create packages for their creations out of kindness or delivery platform promotion
  • coping with those that need one more package format or else they will spend their money and/or time somewhere else

We are nice people but the world is against us :-p

Light at the end of the tunnel?

Honestly, I cannot see one, but quite a few competing ones and I am scared of them all.

Will a super directory help? Shall a superior authority dictate which one is the lucky survivor? Shall we let live , uh... find a way?

I am not super-smart but I have this itch that the cambric tooling explosion is not as helpful as it may seem. Or maybe I am just old and grumpy and angry for finding it hard to keep up.

Now, if you excuse me, I need to look for yet another "package manager done right" because it is time to update some programs just in case one of them if selling my soul to foxy alien scammers.

share class ,