Perl Modules: CPAN vs Yum

Alan Young alansyoungiii at
Tue Jul 3 17:28:03 MDT 2012

On Tue, Jul 3, 2012 at 4:30 PM, Jared Smith <jaredsmith at> wrote:
> There are several compelling reasons not to bundle libraries, but the
> one that sticks out the most in my mind is when a security problem is
> found in one of the bundled libraries.  You essentially have to go
[snip a number of valid reasons for sysadmins to not like bundling and
alien packages]

I understand the sysadmin perspective as well as anyone can who
doesn't have to administer anything more than some desktop and dev
boxes.  I even agree with it.  To a point.

>From a developer's perspective, we have requirements we have to meet;
features, deadlines, etc, just like sysadmins.  If we have to reinvent
the wheel because we're denied access to new technology--in the form
of updated or new libraries--then we will effectively be forking
existing code anyway, development time will increase (possibly
dramatically), and it won't be anywhere near as secure or stable as
the existing code we could be using, e.g., the CPAN.

If sysadmins and dev's cannot come to a *reasonable* compromise then
one side or the other ends up having way too much power because higher
ups make arbitrary decisions, leaving the other side in a miserable

I agree that some things make our jobs harder, but it's not a valid
reason to allow, or not allow something to happen.  It's our job to
make things work.
Alan Young

More information about the PLUG mailing list