Best practise for passing time as arguments
Chris Angelico
rosuav at gmail.com
Sat Oct 14 17:06:41 EDT 2017
On Sun, Oct 15, 2017 at 7:57 AM, Marko Rauhamaa <marko at pacujo.net> wrote:
> Chris Angelico <rosuav at gmail.com>:
>
>> On Sun, Oct 15, 2017 at 5:20 AM, Marko Rauhamaa <marko at pacujo.net> wrote:
>>> Even better:
>>>
>>> sudo dnf install python3-pytz
>>
>> How is that better? It's the same thing, packaged differently, and
>> thus only available on Red Hat-family systems, and depends on the
>> update cycle of your OS.
>
> Use the native updater your distro.
>
> Several nice things follow from the OS packaging:
>
> * You don't have to have *two* separate security update/bug fix
> streams. Once you've added pytz to your OS package collection, you'll
> get updates with the routine OS updates.
>
> * You have the benefit of a major outside entity vetting your packages.
> PyPI doesn't have any such oversight: <URL: https://arstechnica.com/in
> formation-technology/2017/09/devs-unknowingly-use-malicious-modules-pu
> t-into-official-python-repository/>.
>
> (Of course, one shouldn't overestimate the security of
> volunteer-maintained distros, either, but PyPI allows anybody to
> submit any junk they want.)
>
> * If you want to release your software to others, your third-party
> dependency statement becomes more concise and possible more
> acceptable to your customer. Also, you don't have to ship the
> third-party package yourself.
>
> Your customer likely knows how to update native distro packages, but
> may not be familiar with Python and its ecosystem. Depending only on
> the distro relieves you from educating your customer about PyPI.
* You get into the habit of posting distro-specific (not just
OS-specific) commands to global mailing lists.
ChrisA
More information about the Python-list
mailing list