That is an issue for any language. If it is going into production then the installation needs to manage updates. That typically means that new release of external packages go through similar CM and QA management as the inhouse code does. You don't use the most recent release; you use the one that your shop has vetted.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 עַם יִשְׂרָאֵל חַי נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר ________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of Pew, Curtis G <[email protected]> Sent: Tuesday, March 19, 2024 2:24 PM To: [email protected] Subject: Re: Rexx numeric digits and scientific notation question On Mar 18, 2024, at 6:01 PM, Farley, Peter <[email protected]> wrote: The really tricky part of letting programmers use Python is how do they get the necessary non-standard libraries for themselves? I suspect most large shops will, in the name of “security”, prevent open access to the PyPi library repository, and no doubt highly control it in a bureaucratic snarl, with the actual breadth of available packages highly restricted to only those libraries that are “approved for use” in a locally maintained private repository. Sad to say, I can see the bureaucratic delays to get access to a library piling up already. We’ve licensed a package manager (Artifactory in our case, but I imagine there are others) and have configured pip so that it looks there instead of PyPI. This is mostly so we can manage local packages that we’ve developed just for use at the University, and it’s actually set up to proxy PyPI for packages it doesn’t have already, but I believe it could be used to only allow curated packages, which might help with the bureaucrats. -- Curtis Pew ITS Campus Solutions [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
