You want to talk loaded comments? You're reducing "I'm glad to move away from a project that breaks functionality for all users with no notice" to a quibble over an SSL certificate change.

That npm as a project thought this was the correct way to handle this kind of transition is very unsettling.

Yeah, because no one ever had any problems with Maven, that thing is like package heaven, it's all rainbows and unicorns!

It's really disappointing to see this sort of "reasoning" used so often these days.

Just because somebody points out serious flaws or problems with one technology does not automatically mean that he or she thinks that other, unrelated-yet-similar technologies aren't flawed or are somehow perfect.

> I'm glad we've started to move away from node.js and started to use Java.

That is what I was responding to directly. The implication from the statement was that npm flaws (i.e certificate changes that break everything) is a good reason to switch to Java.

It isn't at all a good reason to switch to java, as java's equivalent would easily waste more time than even this rather embarrassing certificate problem with npm.

> unrelated-yet-similar technologies

It is related, and similar, it is a like-for-like comparison between nodejs package management and java package management.

> It isn't at all a good reason to switch to java, as java's equivalent would easily waste more time than even this rather embarrassing certificate problem with npm.

Works fine for me. Has a healthy ecosystem of 3rd-party artifact repository implementations.

> It isn't at all a good reason to switch to java, as java's equivalent would easily waste more time than even this rather embarrassing certificate problem with npm.

As someone who has used it daily for the past 5.5 years - not really. That said, I'd prefer something like Gradle, but I can't fault Maven for just working, goddamnit.

How is that comparison at all relevant?

> I'm glad we've started to move away from node.js and started to use Java.

I'm not sure you get how threading works, but this thread originated from the above quote. And comparing npm with Maven given the above statement is relevant, given it is the primary "Package management" system for Java, much like npm.

I perfectly well understand how threading works. Read the rest of the comment that you cherry picked that quote from, it's about being upset at how npm doesn't seem to be taking it's responsibility seriously.

If you had some information about Maven callously performing a user-hostile update, the comparison would be appropriate. As it is you're just relying on "lolz, Java sucks" as a form of argument.

No, I'm really not. I don't think java sucks at all, and never said as such.

I'm saying Maven isn't better, nor would npm's mistake be a good reason to switch from to Java from Node.

npm didn't perform a user-hostile update, they made a mistake with certificate authorities.

How many 0-days have forced a java upgrade on people... was that a 'user hostile' move by sun/oracle.

I think your line of reasoning is utterly ridiculous, and you are responding to words I didn't say.

He never said he was changing because of this issue. (Logically, if he's already been changing over then it can't have been because of an issue that just happened)

"Tell us all about how awesome it is building apps in Java!" sounds like a pretty loaded comment to me though.

In the last 5 years maven (Central) hasn't given me a cert or pgp error. Building 50 times a day in Java is running just fine ;) Of course it could happen in theory to any such similar system such as NuGet if people decided to yank the rug out from under their user base.

> Changing your programming environment over an SSL certificate?

That's not at all what he said.