Timeline for Why prefer a package manager over a library folder?
Current License: CC BY-SA 4.0
10 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Jun 14, 2018 at 19:12 | comment | added | Wesley Wiser | "With all that automated then maybe it's easier to upgrade dependencies but anyway I don't see why I would do that other than to solve a bug" Your dependencies have security vulnerabilities. I don't even need to know what your dependencies are, but I guarantee they have security issues especially if you haven't been updating them. | |
| Jun 13, 2018 at 13:56 | comment | added | Ant P | "We don't have them fully automated and the tool is too big to do it (it could take months testing it or automating it)" - there's your big problem. These tests should have been in place since the start. Your problem isn't that using package managers provides no benefits, your problem is that the context you're working in is too broken in other ways to allow you to enjoy them. | |
| Jun 13, 2018 at 8:35 | comment | added | Ignacio Soler Garcia | @17of26: we do not do complete regressions on every release, we don't have them fully automated and the tool is too big to do it (it could take months testing it or automating it). With all that automated then maybe it's easier to upgrade dependencies but anyway I don't see why I would do that other than to solve a bug. When I select a third party it already does what I need, otherwise I select a different one. | |
| Jun 12, 2018 at 23:10 | comment | added | Thorbjørn Ravn Andersen | And that's how it was in the good old days. I for one don't miss it. | |
| Jun 12, 2018 at 13:38 | comment | added | 17 of 26 | Do you not require regression tests on new software releases? Just update dependencies when you're already doing testing for a release. | |
| Jun 12, 2018 at 13:19 | comment | added | Sean Burton | Are these tests automated? Exactly how long do they take to run? Even if it takes 24 hours to run the full suite of tests, that still allows you to update dependencies every few days with little downside (even though you probably wouldn't do it quite that often in practice). Even if they're manual and unavoidable, using manual installation you could spend days running through tests only to find out they fail because you missed some dependency of a dependency, then you have to start over again after installing it, which wouldn't happen using package management... | |
| Jun 12, 2018 at 12:50 | comment | added | Ignacio Soler Garcia | We require complete regression tests (expensive) on every dependency update, otherwise we cannot warrant that we still work properly. | |
| Jun 12, 2018 at 12:47 | comment | added | 17 of 26 | Updating dependencies is something that's a lot less painful to do if you do it regularly. | |
| Jun 12, 2018 at 12:45 | comment | added | Ignacio Soler Garcia | Agree, that's point 2 of the pros. Anyway, changing dependencies is something we rarely do (probably because of lacking proper automated regression tests). | |
| Jun 12, 2018 at 12:43 | history | answered | 17 of 26 | CC BY-SA 4.0 |