My favorite aspect of CVE remediation hell is when you get a vulnerability notification and the suggested action is "none" because it hasn't been patched. My favorite aspect of software dependency hell is when you bump a library version and everything breaks because there's an undocumented incompatibility between a specific version of library X and a specific version of library Y.
Regarding software dependency hell, the Nix and Guix package managers address the issue. In short, all packages are the output of pure functions (in the functional programming sense, like Haskell) and therefore different versions of the same library can be installed at the same time without conflicts. You can have, say, libc version X, version Y, and even variants like version X'. Each application will use the correct version. I use Nix.
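To make the "packages as pure functions" point concrete, here is an added example (not from either commenter) that builds two versions of a toy library with the same function and pins two applications to different ones; it assumes a `<nixpkgs>` channel is available and uses made-up names (`libfoo`, `app-a`, `app-b`).

```nix
# Added illustration, not part of the thread: one pure function, two library
# versions, two apps each bound to exactly one of them by store path.
{ pkgs ? import <nixpkgs> {} }:
let
  # "libfoo" is a function of its version: identical inputs always yield the
  # identical store path, and a different version yields a different path,
  # so both versions can sit in /nix/store side by side without conflict.
  mkLibfoo = version: pkgs.runCommand "libfoo-${version}" { inherit version; } ''
    mkdir -p $out/lib
    echo "libfoo ${version}" > $out/lib/libfoo.txt
  '';

  libfooX = mkLibfoo "1.0";   # stand-in for "version X"
  libfooY = mkLibfoo "2.0";   # stand-in for "version Y"

  # Each application is built against one concrete library derivation; the
  # absolute store path is baked in, so bumping libfooY can never break appA.
  mkApp = name: lib: pkgs.writeShellScriptBin name ''
    cat ${lib}/lib/libfoo.txt
  '';
in {
  appA = mkApp "app-a" libfooX;
  appB = mkApp "app-b" libfooY;
}
```

Build one attribute at a time with `nix-build -A appA` and `nix-build -A appB`; each resulting `result/bin/app-*` reads from its own `libfoo-<version>` store path, which you can confirm with `nix-store -q --references ./result`.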