[python-uk] Reviewing third-party packages
Steve - Gadget Barnes
gadgetsteve at hotmail.com
Fri Jul 28 00:54:52 EDT 2017
On 28/07/2017 00:27, PyUK at getaroundtoit.co.uk wrote:
> S, (Andy and Mike)
>
> Yes, you've hit a couple of pertinent points; and it might make for an
> interesting project.
>
> However, I was looking for a check-list or similar which I can give to
> the pertinent dev.teams to ensure that they are 'covering all the bases'
> - whereas the question: "have you checked 'everything'?" produces a
> rather predictable response.
>
> I'm thinking someone wiser than I will have written these things down -
> just can't find such...
>
>
As a starting point, my personal mini-checklist, for considering
including packages:
1. Licensing: Is the project only ever going to be internal? If there is
any chance of it's being included in a commercial deliverable then the
licence and all of it's dependencies must be "Apache or better" and have
a chart of the acceptable permissive licences vs. usage. Basically the
licences that we generally have green flags for are MIT, BSD, CC-BY,
MMS-PL & PSF. With some yellow flags on Artistic/Perl & Apache.
2. A quick look at the project repository for indications of activity
such as recent check-ins, outstanding tickets, age of pull requests,
discussion levels & tone on tickets. (Call this an abandonware check).
3. The reputation, on-line & off, of the authors & maintainers.
4. Is it hosted on a host that hasn't announced its own demise.
5. Test coverage &/or Coverity
6. Do the requirements look reasonable for the nature of the package,
e.g. I wouldn't expect network or server type dependencies in a screen
shot package.
7. Ditto the imports
8. If there are none-Python elements are they about what I would expect,
i.e. things that you would expect performance issues with?
9. Support for Python 3 & 2 or at least a clear statement.
--
Steve (Gadget) Barnes
Any opinions in this message are my personal opinions and do not reflect
those of my employer.
---
This email has been checked for viruses by AVG.
http://www.avg.com
More information about the python-uk
mailing list