villebro commented on issue #31026: URL: https://github.com/apache/superset/issues/31026#issuecomment-2541936822
> Why can't `psycopg2` just be bundled in the image? The docs suggest to create a derived image, but using a postgresql backend is not only an extremely common use-case for Superset
>
> There isn't really any harm in bundling a few database libs with the image for convenience, especially ones needed for the typical backends for superset itself.

@martimors sadly this is a bit of a slippery slope, as Superset supports some 40+ databases currently. As you will anyway need to figure out a way to add drivers for your other database drivers, prebaking `psycopg2` into the image is not necessarily a good solution for the following reasons:

- It adds to the image size.
- It introduces an unnecessary attack vector for envs that don't need `psycopg2` if an exploit exists in it.
- Users may run into dependency issues if the pre-baked version of `psycopg2` has conflicting requirements with whichever db driver someone wants to install.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
