[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bringing CPAN,Gems, PIP, PyPi, etc. under APT package management

songbird wrote: 
> Dan Ritter wrote:
> ...
> > Many of the language-specific tools have a tendency to
> > automatically acquire the latest version of a library or module
> > every time they are invoked, or to spit errors if they can't
> > pull down the version that they were asked to get. That's rather
> > troublesome.
> 
>   if you are that exposed it sounds kinda risky as a 
> business practice (i.e. not one i would engage in).

I'm warning people against it. Sadly, it is widespread among the
sort of startup that seeks to extract money from a margin
between the cost of their AWS instances and revenue from showing 
ads.

> > Having a local apt repository with all the versions of a
> > library that you've actually used, so you can re-deploy an old
> > one exactly the way it was or install a fixed version across
> > a set of machines is very, very useful.
> 
>   if you are dependent upon code it would sound to me to
> be rather foolish if you did not have some kind of version
> control and release processes where you tracked your code
> and the libraries/dependencies.

These are not exclusive, and indeed are complementary.

>   if you are a big enough company that can afford to have
> people doing that and maintaining them, but to me it seems
> more reasonable to just do version control processes and
> track your releases.

... yes, that's what we do. Taking advantage of the Debian
infrastructure tools. Because they're good.

-dsr-
Reply to: