Reply to post: Re: 'a bare minimum would be forking'

You can resurrect any deleted GitHub account name. And this is why we have trust issues

Anonymous Coward
Re: 'a bare minimum would be forking'

What do you do with your forked dependency's dependencies? You fork them too? And *their* dependencies? And their dependencies' dependencies? And...

That's precisely why you keep local copies of them all; how else do you avoid falling into dependency hell?

Just to take one small example, imagine that you have some components which depend on OpenSSL 1.0.2. One day one of them gets updated, and now needs OpenSSL 1.1. You don't actually need any of the changes in the new version, but it gets pulled down automatically, and with that it upgrades OpenSSL to 1.1 to meet its dependencies.

Unfortunately 1.0.1 and 1.1 are not compatible, the APIs changed, so every other component in your build that requires OpenSSL will break. Keeping your own fork, and only upgrading if & when you need to, when you can avoid such issues, is only common sense. Something severely lacking in these Agile DevOps days, it would seem.

Biting the hand that feeds IT © 1998–2019