Hacker News new | ask | show | jobs
by bad_user 2500 days ago
The point is that it's not your Git repo, usually, when talking of dependencies, so it's not really about what you want.

SHAs can't be changed, but they can be deleted. And on GitHub, entire projects, usernames, orgs can be deleted. Or renamed. In case of a user rename, GitHub does maintain redirects for awhile. Until that username is taken by somebody else.
1 comments
ageofwant 2500 days ago
If that is a big concern you can fork. If you are building production systems with dependencies on eggs you can't find in pypi you probably should take control of those in your own copies. I can't recall once that I had to do that for things that I ask money for though... if its not in pypi its probably not worth using. And if it is useful, forking or just copying the module or package into your own code base takes care of any shifting dependencies.

So yea, does not seem to be a problem that actually exists.

link
bad_user 2499 days ago
> If that is a big concern you can fork

Surely you must be joking.

Yes it is a big concern and the solution is to use repositories that aren't so volatile.

link