Best practise for passing time as arguments
Marko Rauhamaa
marko at pacujo.net
Sat Oct 14 16:57:27 EDT 2017
Chris Angelico <rosuav at gmail.com>:
> On Sun, Oct 15, 2017 at 5:20 AM, Marko Rauhamaa <marko at pacujo.net> wrote:
>> Even better:
>>
>> sudo dnf install python3-pytz
>
> How is that better? It's the same thing, packaged differently, and
> thus only available on Red Hat-family systems, and depends on the
> update cycle of your OS.

Use the native updater of your distro.

Several nice things follow from the OS packaging:

 * You don't have to have *two* separate security update/bug fix
   streams. Once you've added pytz to your OS package collection, you'll
   get updates with the routine OS updates.

 * You have the benefit of a major outside entity vetting your packages.
   PyPI doesn't have any such oversight:
   <URL: https://arstechnica.com/information-technology/2017/09/devs-unknowingly-use-malicious-modules-put-into-official-python-repository/>.

   (Of course, one shouldn't overestimate the security of
   volunteer-maintained distros, either, but PyPI allows anybody to
   submit any junk they want.)

 * If you want to release your software to others, your third-party
   dependency statement becomes more concise and possibly more
   acceptable to your customer. Also, you don't have to ship the
   third-party package yourself.

   Your customer likely knows how to update native distro packages, but
   may not be familiar with Python and its ecosystem. Depending only on
   the distro relieves you from educating your customer about PyPI.


Marko