Falsehoods programmers believe about package managers

Implementing mpm exposed me to many edge-cases and pitfalls of package management. Here is a list of falsehoods programmers believe about them.


  1. A package has a name.

  2. A package has only one name (see #26).

  3. A package name is unique.

  4. Package names are composed of ASCII characters.

  5. A package name is the same as its ID (see #11).

  6. There is only one way to install a package.

  7. Only one version of a package is available on a system.

  8. Shared dependencies are always compatible.

  9. Version selection is guaranteed to run fast.

  10. All packages have a version.

  11. Versioned packages are immutable.

  12. Packages can’t upgrade themselves.

  13. A package can be reinstalled.

Package managers

  1. Package managers provides the latest version of packages.

  2. Package managers provides clean packages.

  3. Package managers provides stable software.

  4. Only one instance of a package manager exist on the system.

  5. You can downgrade packages.

  6. A package manager can update itself.

  7. A package is found under the same name in different package managers.

  8. Package managers can resolve dependencies.

  9. All dependencies are provided by the package manager.

  10. Package managers have a CLI.

  11. Package managers behave the same across OSes and distributions.

  12. Package managers tracks installed versions.

  13. Package managers can track removed packages (see #17).

  14. Package managers are documented.

  15. A package manager has a version.

  16. A package manager check package integrity.

  17. Package managers are secure.

  18. Package managers can be unittested.

  19. Package managers can upgrade all outdated packages.

  20. Package managers are forbidden to upgrade other package managers.

  21. Packages are only managed by one package manager.

  22. Installing a package doesn’t require a reboot.

  23. Package manager output is consistent.

  24. A package manager can upgrade a package installed by the user.

  25. All users on the system have access to the package manager.

  26. Package managers do not remove user data.

  27. Package managers can bootstrap themselves.

  28. Package managers supports multiple architectures.

  29. You only need one package manager.


  1. Implementing a meta package manager is not a futile pursuit.

  2. Package managers don’t need their own conference.

See also