Duplicates of third-party libraries

Lie Ryan lie.1296 at gmail.com
Tue Dec 8 07:02:38 EST 2009


On 12/8/2009 3:25 PM, Martin P. Hellwig wrote:
> Ben Finney wrote:
>> "Martin P. Hellwig" <martin.hellwig at dcuktec.org> writes:
> <cut>
>>
>> Along with the duplication this introduces, it also means that any bug
>> fixes — even severe security fixes — in the third-party code will not be
>> addressed in your duplicate.
> <cut>
> I disagree, what you need is:
> - An automated build system for your deliveries, something you should
> have anyway
> - A method of tracking versions of your dependencies, again something
> you should have anyway
> - And a policy that you incorporate bug fixes from your dependencies in
> your deliveries, something you should do anyway if you are serious about
> your product.

I disagree, what you should have is an Operating System with a package 
management system that addresses those issues. The package management 
must update your software and your dependencies, and keep track of 
incompatibilities between you and your dependencies.

The package management systems in many popular Linux distros are 
close to it. The point is, those issues should not be your issue in the 
first place; the OS is the one in charge of coordination between 
multiple pieces of software (or else what would we have an OS for?).

In the Windows\b\b\b\b\b\b\b Real world, some OSes let off *their 
responsibility* and told their users to manage dependencies on their own. 
Obviously most users don't have the knowledge to do so, and the undue 
burden then goes to software developers. Software ideally shouldn't 
need to care about how the machine is configured ("Separation of Concerns").

I never liked the idea of each piece of software having its own software 
updater; they are a sign of bloated software. There should ideally be one 
software updater in the system ("Don't Repeat Yourself"). Many automatic 
updaters by big companies are configured to run on computer startup and 
don't shut down without an order from the Task Manager. They then 
reinstall their autorun entry in the registry when the user deletes 
them, trying to outsmart the user since they think the user just 
ain't smart enough.

On my Windows computer, the only software I give my blessing to 
auto-update is the antivirus; anything else just bloats the system. 
Well-behaved software would just notify me about updates (e.g. 
OpenOffice and Pidgin), and even then only when I'm using the software 
(not every time you open your computer).

I'm glad I don't have such chaos when using my Gentoo or Ubuntu, the 
system software updater handles all those just fine.


