by anton_gogolev 3799 days ago
It's one thing when one temporarily loses access to remote repositories for pushes. Quite bearable, because you can exchange code across your corporate network using patches and whatnot. And it's totally different when you cannot friggin build anything because package managers grab dependencies directly off of GitHub.
2 comments

This is more an argument for caching or vending dependencies than anything else.

If the ability to make builds is critical to your org, making your build process depend on the availability of third-party services over which you have no control is going to end in tears.

This is it. Production builds have to have dependencies hosted internally, not all over the web.
Agreed. The modern ease of pulling in third-party dependencies, while wonderful in its way, has gotten so easy that even "simple" applications require automated caching infrastructure. E.g. if you just fork your top-level dependencies, you won't pick up any of your recursive dependencies.

I suppose we all need package manager and git/VCS aware recursive forking/caching tools now. E.g. works with npm, gem, etc. and recursively forks your entire dependency chain.

And to think that I managed that sort of thing entirely by hand some years back. (For C/C++ libs, then, so far more manageable.)
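
As an added illustration of the recursive-dependency point raised in this thread (not code posted by any commenter): a Python check that walks an npm `package-lock.json` and lists every locked package, direct or transitive, whose source is not an internally hosted registry. The lockfile contents, hostnames and the function name `external_dependencies` are constructed for the example.

```python
import json
from urllib.parse import urlparse

# Constructed sample in the npm package-lock.json v2/v3 layout ("packages" map).
# Package names and hostnames are made up for illustration.
SAMPLE_LOCK = json.dumps({
    "name": "app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "app", "dependencies": {"web-lib": "^1.0.0"}},
        "node_modules/web-lib": {
            "version": "1.0.0",
            "resolved": "https://npm.internal.example/web-lib/-/web-lib-1.0.0.tgz",
            "dependencies": {"tiny-util": "^2.0.0", "forked-dep": "*"}},
        "node_modules/tiny-util": {
            "version": "2.1.0",
            "resolved": "https://registry.npmjs.org/tiny-util/-/tiny-util-2.1.0.tgz"},
        "node_modules/web-lib/node_modules/forked-dep": {
            "version": "0.3.0",
            "resolved": "git+ssh://git@github.com/someone/forked-dep.git#0123abc"},
    },
})

def external_dependencies(lock_text, allowed_hosts):
    """Return [(package_path, host, is_transitive)] for every locked package
    whose download location is not on an allowed (internally hosted) host."""
    lock = json.loads(lock_text)
    packages = lock.get("packages", {})
    root = packages.get("", {})
    direct = set(root.get("dependencies", {})) | set(root.get("devDependencies", {}))
    findings = []
    for path, meta in sorted(packages.items()):
        resolved = meta.get("resolved")
        if not path or not resolved:  # root entry, or a linked/bundled package
            continue
        host = urlparse(resolved).hostname or "unknown"
        if host in allowed_hosts:
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        nested = path.count("node_modules/") > 1
        findings.append((path, host, nested or name not in direct))
    return findings

if __name__ == "__main__":
    for path, host, transitive in external_dependencies(SAMPLE_LOCK, {"npm.internal.example"}):
        kind = "transitive" if transitive else "direct"
        print(f"{path}: fetched from {host} ({kind})")
```

Run in CI with the internal registry host as the only allowed host, a non-empty result means the build still reaches out to a third-party service for at least one package.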