Consider vendoring legacy_api_wrap #1301
Comments
I generally agree that those issues exist (to varying degrees)¹ …
… but those reasons don’t apply to this specific library:
I think there are use cases for vendoring, but I’ve been bitten by it more often than I’ve seen it pay out. I haven’t dealt with git submodules in a while, but unless things changed, they also add complexity and make things harder (not only for newbies). So unless there’s an especially good case for vendoring², I’m against doing it, and if there is, I don’t know if git submodules are the way to go. ¹ Except for “people pinning it”: If we need a new feature of a dependency, we bump the minimum version we depend on and people pinning things might need to use an older anndata. That’s why we’re careful about doing that |
|
Conda has a policy against vendoring, so let’s not do that.
|
|
How do they handle scipy? Or versioneer? |
|
This issue has been automatically marked as stale because it has not had recent activity. |
I think we should be very conservative with dependencies for anndata. Ideally it's a very small set.
Each dependency brings possible dependency resolution issues (e.g. people pinning it) and supply chain vulnerabilities.
I think we can get around this (especially for small dependencies) by just vendoring the code (similar to approaches taken by larger packages like scipy/ numpy).
I would suggest that we use a submodule to specifically vendor
legacy_api_wrap.cc: @flying-sheep
The text was updated successfully, but these errors were encountered: