singpolyma3 4 hours ago
Do the versions of the dependencies that you used no longer exist anywhere?
em-bee 3 hours ago
they exist, but they are likely unmaintained, and may have known security issues. i have a project that suffers from that. the version of a library it is built with is old and insecure, but the newer supported version has a completely different API that would require me to rewrite the code that uses the library. i had a second such case where i discovered a fork of the old version of the library which was still maintained. otherwise there too a rewrite would have been required.
jonnyasmar 4 hours ago
Fair counter, and that's the right stance. The tax I'm pointing at is the implicit social one: feeling like you owe a response. Plenty of publishers get burned out before they figure out your model.
ryukoposting 3 hours ago
In my experience, the most common problem is that a dependency changes. It drops support for something, the API changes, etc. If it's 3 dependencies deep, and one of the deps in the middle isn't maintained anymore, well...