Language Registries Are Unstable by Default
The article argues that language package registries (like npm, PyPI, RubyGems) are inherently unstable because they allow any version to be published at any time, making reproducibility difficult. It compares this to Debian's "unstable" repository, suggesting that developers should treat default registries as unstable and pin dependencies or use lockfiles to ensure consistent builds.
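The drift described above can be shown with a small simulation. This is an added example, not code from the article: the package history in `REGISTRY` is constructed, and the `^` range handling is a simplified caret rule (same major version, at least the base version) assumed for illustration.

```python
from datetime import date

# Constructed publish history for one hypothetical package.
REGISTRY = [
    (date(2024, 1, 10), "1.2.0"),
    (date(2024, 3, 2), "1.2.1"),
    (date(2024, 6, 15), "1.3.0"),
    (date(2024, 9, 1), "2.0.0"),
]

def parse(version):
    """Turn 'X.Y.Z' into a tuple of ints so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def satisfies(version, spec):
    """Support two spec forms: '^X.Y.Z' (floating range) and '==X.Y.Z' (pin)."""
    v = parse(version)
    if spec.startswith("=="):
        return v == parse(spec[2:])
    if spec.startswith("^"):
        base = parse(spec[1:])
        return v[0] == base[0] and v >= base
    raise ValueError(f"unsupported spec: {spec}")

def resolve(spec, as_of, registry=REGISTRY):
    """Return the highest matching version that was published by as_of."""
    candidates = [v for published, v in registry
                  if published <= as_of and satisfies(v, spec)]
    if not candidates:
        return None
    return max(candidates, key=parse)

def drift(spec, build_dates):
    """Map each build date to what the spec resolves to on that date."""
    return {d.isoformat(): resolve(spec, d) for d in build_dates}

if __name__ == "__main__":
    builds = [date(2024, 2, 1), date(2024, 4, 1), date(2024, 12, 1)]
    # The same manifest line yields three different dependency versions.
    print("range ^1.2.0:", drift("^1.2.0", builds))
    # The pinned form, as a lockfile would record it, yields one.
    print("pin  ==1.2.0:", drift("==1.2.0", builds))
```

A lockfile records the resolved version from one point in time, which is why later builds that honor it match the `==` row rather than the `^` row.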