by horticulturist 13 days ago
We vendored all dependencies. Improved build reliability, reduced build times, allowed the rare in-place modification (usually a security patch that only existed in an incompatible newer version), easy software bill of materials, reduced vulnerability to supply chain attacks: all of these were benefits. The other compelling point is giving up on semver and treating everything as distinct is how we approached things, because semver is not widely adopted nor accurate enough in practice to be worth the trouble of trusting and using it.