Python libraries and backwards compat [was Re: What would it take to make Software Collections work in Fedora?]

Nicolas Mailhot nicolas.mailhot at laposte.net
Tue Mar 5 13:43:04 UTC 2013


Hi,

I find it sad that people are still arguing for the developer-oriented "I
only care about making application Y as easy to maintain on a wide variety
of platforms as possible", and dismiss sysadmin security concerns as too
inconvenient to follow, at the very same time one of the biggest
proponents of this model, Oracle, is frantically trying to root out and
eradicate all the old versions of its software due to exploitation in the
wild of its security flaws.

I'd think that would invalidate the approach pretty thoroughly (and to be
fair Oracle inherited most of the mess from a Sun that didn't dare face
developers with hard decisions. It is *no* coincidence that most problems
are found in the java plugin, which was 'too hard' to open-source properly
and that broke every single software project management rule in order to
attract java developers).

Are people still naïve enough to think shit only happens to the guy next
door?

When they have finally made every local app too unsafe to run, and
forced everyone to use a daily-updated chrome, streaming apps from
entities employing sysadmins that force their developers to update their
deps in a timely manner, do they think their platform will still be
relevant?

Because this is what *I* am seeing in the market: slow pruning of entities
unable to cope with modern security concerns, and hardening of "you shall
not take the easy developer path" everywhere else.

The longer you postpone security concerns the harder they are to handle,
and the harder they are to handle the less competitive you get compared
to others with better security hygiene.

-- 
Nicolas Mailhot
