songbird wrote: > Dan Ritter wrote: > ... > > Many of the language-specific tools have a tendency to > > automatically acquire the latest version of a library or module > > every time they are invoked, or to spit errors if they can't > > pull down the version that they were asked to get. That's rather > > troublesome. > > if you are that exposed it sounds kinda risky as a > business practice (i.e. not one i would engage in).
I'm warning people against it. Sadly, it is widespread among the sort of startup that seeks to extract money from a margin between the cost of their AWS instances and revenue from showing ads. > > Having a local apt repository with all the versions of a > > library that you've actually used, so you can re-deploy an old > > one exactly the way it was or install a fixed version across > > a set of machines is very, very useful. > > if you are dependent upon code it would sound to me to > be rather foolish if you did not have some kind of version > control and release processes where you tracked your code > and the libraries/dependencies. These are not exclusive, and indeed are complementary. > if you are a big enough company that can afford to have > people doing that and maintaining them, but to me it seems > more reasonable to just do version control processes and > track your releases. ... yes, that's what we do. Taking advantage of the Debian infrastructure tools. Because they're good. -dsr-