[python-uk] Reviewing third-party packages

Steve - Gadget Barnes gadgetsteve at hotmail.com
Fri Jul 28 00:54:52 EDT 2017



On 28/07/2017 00:27, PyUK at getaroundtoit.co.uk wrote:
> S, (Andy and Mike)
> 
> Yes, you've hit a couple of pertinent points; and it might make for an 
> interesting project.
> 
> However, I was looking for a check-list or similar which I can give to 
> the pertinent dev.teams to ensure that they are 'covering all the bases' 
> - whereas the question: "have you checked 'everything'?" produces a 
> rather predictable response.
> 
> I'm thinking someone wiser than I will have written these things down - 
> just can't find such...
> 
> 

As a starting point, my personal mini-checklist, for considering 
including packages:

1. Licensing: Is the project only ever going to be internal? If there is 
any chance of its being included in a commercial deliverable then the 
licence and all of its dependencies must be "Apache or better" and have 
a chart of the acceptable permissive licences vs. usage. Basically the 
licences that we generally have green flags for are MIT, BSD, CC-BY, 
MMS-PL & PSF. With some yellow flags on Artistic/Perl & Apache.
2. A quick look at the project repository for indications of activity 
such as recent check-ins, outstanding tickets, age of pull requests, 
discussion levels & tone on tickets. (Call this an abandonware check).
3. The reputation, on-line & off, of the authors & maintainers.
4. Is it hosted on a host that hasn't announced its own demise?
5. Test coverage &/or Coverity
6. Do the requirements look reasonable for the nature of the package, 
e.g. I wouldn't expect network or server type dependencies in a screen 
shot package.
7. Ditto the imports
8. If there are non-Python elements, are they about what I would expect, 
i.e. things that you would expect performance issues with?
9. Support for Python 3 & 2 or at least a clear statement.

-- 
Steve (Gadget) Barnes
Any opinions in this message are my personal opinions and do not reflect 
those of my employer.
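
Items 6 and 7 of the checklist above can be partly automated. The script below is an added example, not part of the original message: it parses a package's source without executing it and reports imports that look out of place for the package's purpose. The UNEXPECTED set and the sample files of a hypothetical screenshot package are assumptions made for illustration.

```python
import ast

# Assumption: modules a reviewer would not expect in a small utility such as
# a screenshot package. Adjust the set for the package under review.
UNEXPECTED = {"socket", "ssl", "http", "urllib", "ftplib", "smtplib",
              "subprocess", "ctypes", "requests"}


def imported_modules(source):
    """Return {top-level module: [line numbers]} for every import in source."""
    found = {}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            names = [node.module]  # relative imports (level > 0) are skipped
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
              and node.func.id == "__import__" and node.args
              and isinstance(node.args[0], ast.Constant)
              and isinstance(node.args[0].value, str)):
            names = [node.args[0].value]  # dynamic import with a literal name
        else:
            continue
        for name in names:
            found.setdefault(name.split(".")[0], []).append(node.lineno)
    return found


def flag_unexpected(files, unexpected=UNEXPECTED):
    """files: {path: source}. Return sorted (path, module, line) findings."""
    findings = []
    for path, source in files.items():
        for module, lines in imported_modules(source).items():
            if module in unexpected:
                findings.extend((path, module, line) for line in lines)
    return sorted(findings)


# Constructed sample: two files from a hypothetical screenshot package.
SAMPLE = {
    "shot/capture.py": "import os\nfrom PIL import ImageGrab\n",
    "shot/_util.py": ("import os.path\ndef save(p):\n"
                      "    import urllib.request\n"
                      "    m = __import__('subprocess')\n"
                      "from . import capture\n"),
}

if __name__ == "__main__":
    for finding in flag_unexpected(SAMPLE):
        print("%s: imports %s (line %d)" % finding)
```

Imports inside function bodies are caught as well as top-level ones; names built at run time (for example via importlib with a computed string) are not, so a clean result narrows the manual review rather than replacing it.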
