Proposal to reduce anti-bundling requirements
Matěj Cepl
mcepl at cepl.eu
Sun Sep 13 21:30:13 UTC 2015
On 2015-09-13, 20:23 GMT, Haïkel wrote:
> The Java world is definitively not moving in the right direction.
https://en.wikipedia.org/wiki/Java_Module_System is IMHO The
Right Thing™ and it is still on the list of deliverables for
Java 9 (still to be feature complete on 2015-12-10).
> Recently, the new trend among python developers is to follow
> Kenneth Reitz stupid habit to bundle all dependencies in
> his modules though we have pip and ability to pin versions!
Sigh ... Why I am not surprised? I thought that python-requests
(or how to replace half and hour of reading documentation with
1MB bundled with your app) is the only silly thing he did to the
Python world.
> If you care about purity, I care about all those hidden bundled
> libs carrying CVE shipped in Fedora that are not properly referenced
> and tracked security team.
Is it http://is.gd/FRkDhs or do you have any more of them?
Yes, you are right, we should do something about these.
Best,
Matěj
--
http://www.ceplovi.cz/matej/, Jabber: mcepl at ceplovi.cz
GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC
SCSI is *not* magic. There are *fundamental* *technical*
reasons why you have to sacrifice a young goat to your SCSI
chain every now and then.
-- John F. Woods
More information about the devel
mailing list