Perl Modules: CPAN vs Yum

Alan Young alansyoungiii at gmail.com
Tue Jul 3 17:28:03 MDT 2012


On Tue, Jul 3, 2012 at 4:30 PM, Jared Smith <jaredsmith at jaredsmith.net> wrote:
> There are several compelling reasons not to bundle libraries, but the
> one that sticks out the most in my mind is when a security problem is
> found in one of the bundled libraries.  You essentially have to go
[snip a number of valid reasons for sysadmins to not like bundling and
alien packages]

I understand the sysadmin perspective as well as anyone can who
doesn't have to administer anything more than some desktop and dev
boxes.  I even agree with it.  To a point.

From a developer's perspective, we have requirements we have to meet;
features, deadlines, etc., just like sysadmins.  If we have to reinvent
the wheel because we're denied access to new technology--in the form
of updated or new libraries--then we will effectively be forking
existing code anyway, development time will increase (possibly
dramatically), and it won't be anywhere near as secure or stable as
the existing code we could be using, e.g., the CPAN.

If sysadmins and devs cannot come to a *reasonable* compromise then
one side or the other ends up having way too much power because higher
ups make arbitrary decisions, leaving the other side in a miserable
situation.

I agree that some things make our jobs harder, but it's not a valid
reason to allow, or not allow, something to happen.  It's our job to
make things work.
-- 
Alan Young

