I worked at a place that required vendoring dependencies and had to be code reviewed just like it was your own. In fact, we were responsible for fixing any bugs in them ourselves. Sometimes this was just a matter of opening an issue, sometimes it required backporting the fix to our version, and sometimes it meant we took over a fork because the dependency was no longer maintained.
There were too many cases where I looked at the PR preview to do my own code review and decided to just write it myself. There is a ton of shitty code out there. More than you'd expect.
We went with Qt, CMake and modern C++ for https://ossia.io in 2013 knowing that it would be a long term effort for an extensively extensible linux/mac/windows desktop software aiming to do real-time audio, visuals and networking and so far this "classic" stack keeps on giving and allowing me to ship regular features and improvements, here's to the next ten years :) in the meantime I can't count how many techs and frameworks I've seen come and go but these are here to stay.
> I’ve personally been burned on Python by the last bullet point where one of the dependencies required version 3.14 or less of module such and such, and another dependency needed 3.15 or higher.
This is what people used to call “DLL Hell,” in Microsoft Windows.
COM was supposed to fix that, but I don’t think it worked especially well.
It required the re-implementation of stable interfaces as the components updated in version number; not everyone did that. I guess. A case of good plan, lazy execution.
Where I work now basically does quarterly deployments. We service enterprises that generally outsource their development work. So we deploy pretty regularly to a staging environment and deliver documentation weeks/months before we actually deploy it. The exception to that rule is for hotfixes, which is also extremely rare. Like 2-5 times per year.
I worked at a place that required vendoring dependencies and had to be code reviewed just like it was your own. In fact, we were responsible for fixing any bugs in them ourselves. Sometimes this was just a matter of opening an issue, sometimes it required backporting the fix to our version, and sometimes it meant we took over a fork because the dependency was no longer maintained.
There were too many cases where I looked at the PR preview to do my own code review and decided to just write it myself. There is a ton of shitty code out there. More than you'd expect.
We went with Qt, CMake and modern C++ for https://ossia.io in 2013 knowing that it would be a long term effort for an extensively extensible linux/mac/windows desktop software aiming to do real-time audio, visuals and networking and so far this "classic" stack keeps on giving and allowing me to ship regular features and improvements, here's to the next ten years :) in the meantime I can't count how many techs and frameworks I've seen come and go but these are here to stay.
> I’ve personally been burned on Python by the last bullet point where one of the dependencies required version 3.14 or less of module such and such, and another dependency needed 3.15 or higher.
This is what people used to call “DLL Hell,” in Microsoft Windows.
COM was supposed to fix that, but I don’t think it worked especially well.
It required the re-implementation of stable interfaces as the components updated in version number; not everyone did that. I guess. A case of good plan, lazy execution.
What I found mostly curious is I didn't even knew phyton 3.15 had already released
Good vibe-check on my day to day work in web tech. Sometimes I wonder how web deployments would work if we still deployed quarterly, yearly, etc.
Where I work now basically does quarterly deployments. We service enterprises that generally outsource their development work. So we deploy pretty regularly to a staging environment and deliver documentation weeks/months before we actually deploy it. The exception to that rule is for hotfixes, which is also extremely rare. Like 2-5 times per year.
Would be awesome if we had some actual proof (science) backing this up. Anyone?