potiuk commented on pull request #16935: URL: https://github.com/apache/airflow/pull/16935#issuecomment-878052739
Hey @thesuperzapper -> while explaining this on Slack, I realised that using dynamically installing packages is even more dangerours and disruptive for production services. We are going to add explicit warning in our docker stack documentation explaining it and I'd recommend you the same in your chart. It's quite irresponsible pattern actually, trading setup convenience with long-term security and stability of your production instance. A lot of poeple do not realise that (I only realised full extent of it when I thought a bit about it and looked at the past cases that actually happened that would have brought down production installations of Airflow if this pattern has been used). I think it would be good if we educate our users (I am going to explicitly mention this parameter and why it is dangerous in our talk this week with @kaxil ). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
