Till Maas <[email protected]> writes:

>> The downside of option-2 is what would we do if a security vulnerability
>
> Another downside, which is what led me to start the discussion, is that
> this makes weewx different from other Python projects which makes my
> generic Python/Linux experience less useful because everything is
> different. So somehow it seems that this discussion drifted to solve a
> different problem, not sure what it is exactly.

Packaging systems basically view a package bundling dependencies as a bug and patch it out. That way -- the normal dependency way -- a bug in a dependency can just be patched and that dependency updated. With bundled ones, you have to find them all and patch them all. Really weewx would then be obligated to make a very fast point release every time this happened. I think it's bad practice to bundle dependencies, and the perceived need to do so is a clue that there is a problem.
