"Martin P. Hellwig" <martin.hell...@dcuktec.org> writes: > If the fear of customers disatification prevents you from using a > certain version of X, you should consider a deployment strategy that > cuts out dependencies as much as possible. Although this will result > in a larger end package and possible high amount of duplication, it is > still preferable to just stop supporting popular platforms or be > swamped away with bugs due to version mismatches.
Along with the duplication this introduces, it also means that any bug fixes — even severe security fixes — in the third-party code will not be addressed in your duplicate. This defeats one of the many benefits of a package management operating system: that libraries, updated once, will benefit any other package depending on them. Please reconsider policies like including duplicates of third-party code. Don't Repeat Yourself is a good principle not just within source code, but has important security implications within the operating system packages too. -- \ “Our task must be to free ourselves from our prison by widening | `\ our circle of compassion to embrace all humanity and the whole | _o__) of nature in its beauty.” —Albert Einstein | Ben Finney -- http://mail.python.org/mailman/listinfo/python-list