by jjav 1476 days ago
Very much this. An external dependency gives you the free puppy, but the ongoing work is still yours.

One of the items, as you describe, is that external dependencies introduce unpredictable change on a timeline which is entirely out of your control.

A particularly annoying example that has happened many times is that there is an exploit in library A which is now fixed in the latest version, so we must upgrade. Oh, but the latest version also bumps the dependency of some other library it uses to a version that removed a key feature we need. Infosec says you must fix the vulnerability immediately, and of course the product team isn't willing to compromise on the feature loss. Oops. When you own the code, you own these decisions.

Of course, some library projects are run very professionally and maintain a strict observance of compatibility within major releases, a long deprecation announcement process and so on. Other library projects, not so much. Definitely favor depending on the first kind and avoid the second kind.
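The upgrade dilemma in the comment above, written up as a small check a team can run when an advisory lands (an added example, not code from the commenter). Library names, version numbers and the "B 2.0 removed the feature" constraint are all constructed for illustration, and versions are assumed to be plain dotted integers.

```python
# Added example: given a catalog of releases for a vulnerable library A, the set of
# versions an advisory lists as fixed, and the version of transitive dependency B
# that dropped a feature we rely on, classify every fixed release of A as either
# "compatible" (keeps the feature) or "breaking" (forces B past the removal).
# All data below is constructed; no real project is described.

def parse_version(v):
    """'1.10.0' -> (1, 10, 0) so versions compare numerically rather than as strings."""
    return tuple(int(part) for part in v.split("."))

def upgrade_paths(releases, fixed_versions, transitive, feature_removed_at):
    """Return (compatible, breaking): fixed versions of A sorted by version.

    releases:           {A_version: {dep_name: minimum_dep_version}}
    fixed_versions:     versions of A that contain the security fix (from the advisory)
    transitive:         name of the transitive dependency whose feature we need (B)
    feature_removed_at: first version of that dependency that removed the feature
    """
    removed = parse_version(feature_removed_at)
    compatible, breaking = [], []
    for version, requires in releases.items():
        if version not in fixed_versions:
            continue  # still vulnerable, so not an option at all
        min_dep = parse_version(requires.get(transitive, "0.0.0"))
        (breaking if min_dep >= removed else compatible).append(version)
    return sorted(compatible, key=parse_version), sorted(breaking, key=parse_version)

# Constructed catalog for A: the 1.5 line carries the fix but requires B >= 2.0,
# and B 2.0 is the release that removed the feature the product depends on.
CATALOG_NO_BACKPORT = {
    "1.4.0": {"B": "1.0.0"},
    "1.4.1": {"B": "1.0.0"},
    "1.5.0": {"B": "2.0.0"},
    "1.5.1": {"B": "2.0.0"},
}
# Same catalog after the maintainer backports the fix to the 1.4 line.
CATALOG_WITH_BACKPORT = dict(CATALOG_NO_BACKPORT, **{"1.4.2": {"B": "1.0.0"}})

if __name__ == "__main__":
    # No backport: every fixed release drags B past 2.0, which is the "Oops" case.
    print(upgrade_paths(CATALOG_NO_BACKPORT, {"1.5.0", "1.5.1"}, "B", "2.0.0"))
    # With a backport there is a fixed release that keeps the feature.
    print(upgrade_paths(CATALOG_WITH_BACKPORT, {"1.4.2", "1.5.0", "1.5.1"}, "B", "2.0.0"))
```

An empty `compatible` list is the signal that the decision cannot be made purely in the lockfile and has to go back to the people who own the code.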