Hacker News new | past | comments | ask | show | jobs | submit login

To not bundle dependencies, use the Java packages in Debian stable and if you find one with a missing feature or unfixed bug, then backport that from Debian unstable or from upstream.



Debs and Rpms are fine for configuring the machine, as soon as you have it where machines and application services aren't a 1:1 relationship that will lead you in the direction of dependency hell. As each application will want slightly different versions you'd have to be very careful which version you installed.

You can cheat a little. For example I am using some system debs for python packages, but if there were more than a handful of python utility packages that can get unmanageable fast. That leads naturally to the fat jar/virtualenv/static binary approach with manually managed dependencies which gives you isolation between applications, and all the associated costs.


Why do applications want different versions of libraries instead of being portable?


It's very common to have breaking changes that you need to carefully manage in a company's internal code, and where managing that as a full-on deprecation isn't worth the effort. Moving faster is often the better choice compared to never refactoring and improving the codebase.


I think I would prefer to base on proven libraries with stable interfaces. Do you have any examples of these breakages?


I'm talking about internal libraries of a company, where there is no proven library with a stable interface as it's continuously evolving - similar to a young library in the OSS world that has no reasonable substitute. It might be something like a new parameter to a function, or an additional method call you need to make in a given version.


Oh. Obviously for internal libraries you should do whatever you like, including bundling. I thought you were talking about open source libraries.


Applications that are written specifically in order to be run on the servers of a given company instead of being written to be general purpose have vastly different tradeoffs involved when it comes to choosing dependencies.


I think this is a big problem in the Java world, possibly more so than many other languages/communities.


this is the best case you could make for installing Gentoo. Dependency Hell is no longer an issue. :)


And when the library is not packaged in the repo, should I then build the package myself ?

If we were in an ideal world we would do that, but unfortunately we're not, and in my experience it's way easier for the dev AND for the sysadmin to use Maven and build a fat jar.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: