<div class="gmail_quote">On Fri, May 7, 2010 at 2:43 AM, Antonio Cavallo <span dir="ltr"><<a href="mailto:a.cavallo@cavallinux.eu">a.cavallo@cavallinux.eu</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Beside the technical reasons, from a network administration point of view<br>
is a bad way to replace a native way to install things. Plenty of company<br>
have developers without administrator privileges on a machine.<br>
<br>
All of a sudden if you are a syadmin and must know what is installed<br>
on a remote machine (possible in another continent) you could not use<br>
any longer the standard system tools (rpm -qi on linux) but you need<br>
to be logged as the developer and go figuring out the way he/she<br>
installed things.<br>
<br>
Again I suggest to stay away from anything that relies on setuptools, that<br>
is my professional experience, and I haven't seen any (good) reason<br>
to suggest the contrary: you needs might be different.<br></blockquote><div><br></div><div>I agree that using native operating system tools to install packages is a good thing. There's one big problem with that though: it becomes near impossible to sandbox packages into their own virtualenvs. This is important to us because we have multiple packages that may rely upon different versions of different packages.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Traceability is I give you the "product" (in business lingo "deliverable") now the questions are:<br>
- What it depends upon? python + module foo version X + module bar version Y and so on.<br>
- How do I rebuild it if you company goes bankrupt (I hope not but it is an eventuality)?<br>
- Is there any hidden backdoor any of you employee has put in one of the many component?<br>
- How do we get the name of the offender if that happen?<br></blockquote><div><br></div><div>I suppose I can see the benefit of having dependencies in version control. I'm not sure I like the idea of ruling things with an iron fist though. I could see managing dependencies and managing the build process turning into a full time job. I suppose there may be benefits to that, but whether or not we can dedicate a person to it is a decision that is well above me. :-)</div>
</div>