| ▲ | madeofpalk 2 hours ago | |
What would a solution to this look like? What would it take to not fear installing software? This isn't a npm problem, its a computing problem in general. Spaces like this are generally pretty against any sort of restrictions or limitations being put on computers under the name of safety (see Manifest v3) | ||
| ▲ | dwoldrich an hour ago | parent | next [-] | |
For libraries, I like the Gnu Affero Public License[1]. If you run the library in software with that license, you have to publish all the source of the entire project that incorporates it. No corporation could tolerate this, though, so the library vendor can negotiate a commercial license of their software for appropriate fees. That said, corporations are not going to want to negotiate fees with 100's of vendors over constantly fluctuating dependencies in their software. This is why the next big language/software ecosystem needs to integrate payments to vendors in their repository system. That way, commercial license management can occur between the ecosystem owners and the corporate customers and all the vendors get paid their fair share. Similar to Amazon's Dynamo API, whatever the next big language/ecosystem is needs to be designed around _billing_ and automatic license management for # of deployments, seats, call volumes, etc. [1] https://web.archive.org/web/20260712154038/https://www.gnu.o... | ||
| ▲ | jchw 2 hours ago | parent | prev [-] | |
Manifest v3's actual motive was so shamelessly transparent that most of us just don't allow the "safety" argument for it to really be entertained. I don't have a suspension of disbelief rich enough to pretend I don't know. | ||