Y
Hacker News
new
|
ask
|
show
|
jobs
by
yegle
37 days ago
Vendorizing using git submodule should be a robust mitigation for this problem.
3 comments
no-name-here
37 days ago
Wouldn't locking dependencies be far more likely for dependency-users to do, and be approximately as effective for those that do?
link
raggi
37 days ago
subtree is better for this case, you want to encourage actual reading before running. reading won't catch everything but it catches a lot, and the burden isn't as high as people always complain about before they try it.
link
saghm
37 days ago
This feels like the modern analog of the king, the mice, and the cheese. What cats do I need to bring in to eat my git submodules?
link