On Friday, June 19, 2020 at 8:09:04 AM UTC-4, Neil Van Dyke wrote: > > For an important production system, you probably want the source of any > third-party packages on which you depend to be in Git (or another SCM > system) that you control. > > You might also want to audit those packages yourself, as well as audit > any new version changes to them, before you push to production. > > After you do those things in SCM, depending how you do it, you *might* > find it's more convenient to simply load the third-party code you need > using the module system `require` only, without an additional package > system. >
While I see some benefits of this approach, I just looked at a typical Rails project of mine, and it has over 160 packages with some packages depending on different versions of other packages, etc., so I think managing all of this myself in git might be overly burdensome. Granted, my current Racket apps have far fewer dependencies, but I expect that may increase over time. -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/racket-users/32b8f70a-4033-43db-aca3-b30b9023f3a3o%40googlegroups.com.
