Re: "Avoiding the vendor perl fad diet"

To: Damyan Ivanov <dmn@debian.org>
Cc: Michael Alan Dorman <mdorman@ironicdesign.com>, debian-perl@lists.debian.org
Subject: Re: "Avoiding the vendor perl fad diet"
From: Gabor Szabo <gabor@szabgab.com>
Date: Tue, 31 Jan 2012 14:48:47 +0200
Message-id: <[🔎] CABe4FJApO8DEQziK7DMpPfojo_w6TEZMDESWOPwQFqG095V_wQ@mail.gmail.com>
In-reply-to: <[🔎] 20120131103927.GB9786@ktnx.net>
References: <[🔎] op.v8phdrwzs5ttvb@cn01> <[🔎] 8762fy9ptg.fsf@ironicdesign.com> <[🔎] 4F227724.8090007@linuxia.de> <[🔎] 87aa598ehl.fsf@ironicdesign.com> <[🔎] CABe4FJCX8fG8Mb5YGUQwYO7C2w5DpsEscayDUP5PRmkPQHtgzQ@mail.gmail.com> <[🔎] 871uql80c3.fsf@ironicdesign.com> <[🔎] CABe4FJA7fDrrvP3iie9Fu5=zWVOkqKpJzSj6cJCKKEN+YmMLHA@mail.gmail.com> <[🔎] 20120131103927.GB9786@ktnx.net>

On Tue, Jan 31, 2012 at 12:39 PM, Damyan Ivanov <dmn@debian.org> wrote:
>> So I recently thought how to solve this.
>> One solution could be to use separate local::lib directories for each
>> application. That would include some duplicate module installations
>> but that would reduce the risk.
>
> You seem to have re-invented the Ruby gems hell :)
>
> Bundling your application with the versions you know are working is
> bad. You sacrifice security upgrades and bug-fixes that somebody else
> does for you. And, sooner or later you will have to upgrade. Better
> make that part of the whole process than some extraordinary event.
>
> Better spend resources making sure any upgrades are harmless, probably
> by having a test environment, or always using the latest version when
> developing (so that you can catch any problems early). Any
> incompatibility is either a bug and should be fixed, or applications
> should be adapted.

That sounds good in theory but cannot be always followed.
There are limited resources any given time. One cannot re-test
every application, every time and, especially with older applications,
test coverage might be very low.

That means any unnecessary change is an unnecessary risk.
[1]

> Here's my recipe for deploying Perl applications:
>
>  * ensure every dependency is packaged for Debian. If not, package it
>   (this was why I joined the Debian Perl group :)
>  * develop with current versions from Debian/unstable
>  * deploy application as a Debian package, with proper dependencies
>  * profit
>
> Works very nice even for applications that have only one instance in
> production and is a killer for multi-instance deployments.

Running Debian/unstable on a production machine sounds very risky.
If I understand, that means a lot of things are unstable
and I constantly need to upgrade. Even the kernel.
Which means frequent reboots as well. Right?


Gabor
[1] It's interesting that sometimes I am in the opposite position and
managers tell me about
the risk and why they don't want to upgrade :)

Reply to:

Follow-Ups:
- Re: "Avoiding the vendor perl fad diet"
  - From: "Stefan Hornburg (Racke)" <racke@linuxia.de>
- Re: "Avoiding the vendor perl fad diet"
  - From: Damyan Ivanov <dmn@debian.org>

References:
- "Avoiding the vendor perl fad diet"
  - From: "Cosimo Streppone" <cosimo@streppone.it>
- Re: "Avoiding the vendor perl fad diet"
  - From: Michael Alan Dorman <mdorman@ironicdesign.com>
- Re: "Avoiding the vendor perl fad diet"
  - From: "Stefan Hornburg (Racke)" <racke@linuxia.de>
- Re: "Avoiding the vendor perl fad diet"
  - From: Michael Alan Dorman <mdorman@ironicdesign.com>
- Re: "Avoiding the vendor perl fad diet"
  - From: Gabor Szabo <gabor@szabgab.com>
- Re: "Avoiding the vendor perl fad diet"
  - From: Michael Alan Dorman <mdorman@ironicdesign.com>
- Re: "Avoiding the vendor perl fad diet"
  - From: Gabor Szabo <gabor@szabgab.com>
- Re: "Avoiding the vendor perl fad diet"
  - From: Damyan Ivanov <dmn@debian.org>

Prev by Date: Bug#658109: ITP: libsvn-class-perl -- manipulate Subversion workspaces with Perl objects
Next by Date: Re: "Avoiding the vendor perl fad diet"
Previous by thread: Re: "Avoiding the vendor perl fad diet"
Next by thread: Re: "Avoiding the vendor perl fad diet"
Index(es):
- Date
- Thread