kou commented on issue #34457: URL: https://github.com/apache/arrow/issues/34457#issuecomment-1457440314
Thanks for clarifying your concern. I can understand your concern but the first approach will not change the situation. I think that here is a natural scenario for the first approach: 1. An user wants to install red-arrow gem 2. An user runs `gem install red-arrow` and it's failed with `You must run "brew install apache-arrow-glib"` error message because Apache Arrow GLib isn't installed (the first approach) 3. An user runs `brew install apache-arrow-glib` manually 4. An user runs `gem install red-arrow` again and it's succeeded I think that most users do 3. as instructed. Most users don't choose another approach for 3. such as building Apache Arrow GLib by themself. If an user does 3., `gem uninstall red-arrow` doesn't uninstall apache-arrow-glib formula. If most users do 3. manually, it's convenient for most users that it's done automatically by default. It's my thought: 1. An user wants to install red-arrow gem 2. An user runs `gem install red-arrow` and it's succeeded because `gem install red-arrow` runs `brew install apache-arrow-glib` automatically For advanced users, they can install Apache Arrow GLib by themself before they run `gem install red-arrow`. It prevents installing dependencies automatically. We may need "dry-run" mode for `gem install red-arrow` for advanced users. > the Python package takes the second approach (with binary distributions) Yes. And I have a security concern for the second approach as I said. For example, we released pyarrow 10.0.1 for OpenSSL's CVE-2022-3786: https://arrow.apache.org/blog/2022/11/22/10.0.1-release/ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
