Duplicates of third-party libraries (was: When will Python 3 be fully deployed)

Ben Finney ben+python at benfinney.id.au
Mon Dec 7 18:16:15 EST 2009


"Martin P. Hellwig" <martin.hellwig at dcuktec.org> writes:

> If the fear of customer dissatisfaction prevents you from using a
> certain version of X, you should consider a deployment strategy that
> cuts out dependencies as much as possible. Although this will result
> in a larger end package and possibly high amount of duplication, it is
> still preferable to just stop supporting popular platforms or be
> swamped away with bugs due to version mismatches.

Along with the duplication this introduces, it also means that any bug
fixes — even severe security fixes — in the third-party code will not be
addressed in your duplicate. This defeats one of the many benefits of a
package management operating system: that libraries, updated once, will
benefit any other package depending on them.

Please reconsider policies like including duplicates of third-party
code. Don't Repeat Yourself is a good principle not just within source
code, but has important security implications within the operating
system packages too.

-- 
 \     “Our task must be to free ourselves from our prison by widening |
  `\    our circle of compassion to embrace all humanity and the whole |
_o__)                       of nature in its beauty.” —Albert Einstein |
Ben Finney
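
Added example, not part of the original message: a sketch of a check for the situation described above, finding bundled copies of Python libraries inside an application tree and flagging those older than the version the system provides. The `_vendor` layout, the `examplelib`/`otherlib` names and their version numbers are constructed for illustration, and the version comparison is numeric only.

```python
import re
import tempfile
from importlib import metadata
from pathlib import Path

def parse_version(v):
    """Crude numeric comparison key; pre-release tags are ignored (assumption)."""
    return tuple(int(x) for x in re.findall(r"\d+", v))

def installed_versions():
    """Versions visible to the running interpreter, e.g. from OS packages."""
    return {d.metadata["Name"].lower(): d.version
            for d in metadata.distributions() if d.metadata["Name"]}

def bundled_copies(app_root):
    """Yield (name, version, path) for each package metadata file under app_root."""
    for pattern in ("METADATA", "PKG-INFO"):
        for meta in Path(app_root).rglob(pattern):
            fields = {}
            for line in meta.read_text(errors="replace").splitlines():
                if not line.strip():
                    break  # headers end at the first blank line
                key, sep, value = line.partition(":")
                if sep:
                    fields.setdefault(key.strip().lower(), value.strip())
            if "name" in fields and "version" in fields:
                yield fields["name"].lower(), fields["version"], meta.parent

def stale_bundles(app_root, system_versions):
    """Bundled copies older than the system copy: these miss its bug fixes."""
    findings = []
    for name, version, path in bundled_copies(app_root):
        current = system_versions.get(name)
        if current and parse_version(version) < parse_version(current):
            findings.append((name, version, current, str(path)))
    return sorted(findings)

def demo():
    # Constructed sample tree: examplelib is bundled at 1.0, system has 1.0.3.
    with tempfile.TemporaryDirectory() as root:
        for name, ver in (("examplelib", "1.0"), ("otherlib", "2.4")):
            d = Path(root, "app", "_vendor", f"{name}-{ver}.dist-info")
            d.mkdir(parents=True)
            (d / "METADATA").write_text(
                f"Metadata-Version: 2.1\nName: {name}\nVersion: {ver}\n\nbody\n")
        system = {"examplelib": "1.0.3", "otherlib": "2.4"}
        return [f[:3] for f in stale_bundles(root, system)]

if __name__ == "__main__":
    print(demo())
```

Against a real tree, pass `installed_versions()` as the second argument to `stale_bundles` in place of the constructed dictionary.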


