Re: Bringing CPAN,Gems, PIP, PyPi, etc. under APT package management
songbird wrote:
> Dan Ritter wrote:
> ...
> > Many of the language-specific tools have a tendency to
> > automatically acquire the latest version of a library or module
> > every time they are invoked, or to spit errors if they can't
> > pull down the version that they were asked to get. That's rather
> > troublesome.
>
> if you are that exposed it sounds kinda risky as a
> business practice (i.e. not one i would engage in).
I'm warning people against it. Sadly, it is widespread among the
sort of startup that seeks to extract money from a margin
between the cost of their AWS instances and revenue from showing
ads.
> > Having a local apt repository with all the versions of a
> > library that you've actually used, so you can re-deploy an old
> > one exactly the way it was or install a fixed version across
> > a set of machines is very, very useful.
>
> if you are dependent upon code it would sound to me to
> be rather foolish if you did not have some kind of version
> control and release processes where you tracked your code
> and the libraries/dependencies.
These are not exclusive, and indeed are complementary.
> if you are a big enough company that can afford to have
> people doing that and maintaining them, but to me it seems
> more reasonable to just do version control processes and
> track your releases.
... yes, that's what we do. Taking advantage of the Debian
infrastructure tools. Because they're good.
-dsr-
Reply to: