Originally posted by darkonix
Both have their advantages. One of my previous companies had a submodule from some server in the eastern bloc that was down about 0.5% of the time, just often enough to be problematic. That mentality also lends itself to using various APIs from all over. We had dependencies on cloud CircleCI, TravisCI, and GitHub CI, along with API dependencies to Jira and elsewhere. It's a miracle system when it works well, and it's a nightmare when something somewhere goes wrong, and the guy who knows how it's all stitched together isn't there. A couple times in the very recent past GitHub has made on-the-fly changes to their checksum algorithm, breaking builds all over the world. If you've got a team of 5 people that's not a big deal.
The big companies will only use FOSS stuff in their builds after legal reviews, technical reviews, etc., and then will always host locally. Updating to a new version of a package may require a re-review of all that, and will probably take many months. It can be painful when you need a feature or bug fix, but the benefit is stability and some confidence that an audit won't find a hidden dependency with a license that you aren't allowed to use.
As an old, I am impressed by the dynamic approach but I have a strong appreciation for the latter. It creates a stable, reliable environment and when you've got 200 engineers who are blocked when something breaks, it's useful to not be reliant on services and repositories all over the world.