One thing I've always found frustrating is when a library I use is no longer maintained. Even looking at update history and community beforehand, I've run into the situation where I check back later to find that the version I'm using is the last version.
我总是觉得令人沮丧的一件事是我不再使用我使用的库。即使事先查看更新历史记录和社区,我也遇到过后来检查的情况,发现我使用的版本是最后一个版本。
Generally this goes unnoticed until a few months have passed, or some bug/limitation has been found. I run into this fairly often when coding in Python, because my desire to upgrade to a new version of the interpreter can easily introduce problems in libraries that worked fine before. My question is: what is the best response to this situation?
通常这种情况在几个月过去之后就会被忽视,或者发现了一些错误/限制。我在Python中进行编码时经常遇到这种情况,因为我希望升级到新版本的解释器很容易在以前运行良好的库中引入问题。我的问题是:对这种情况的最佳回应是什么?
-
Do you become the maintainer of the old library? Even if you're only fixing the bugs you care about, this is still a lot of work. Especially if the library is large, complex, and has less-than-well-documented code (the case more often than not).
你成为旧图书馆的维护者吗?即使你只修复你关心的错误,这仍然是很多工作。特别是如果库很大,很复杂,并且编写的代码不够精确(通常情况下)。
-
Do you switch to a different library (if there is one)? This is also a significant undertaking, with the potential to introduce new bugs, especially if the only alternatives approach the problem from a different angle. This can be true even if you had the foresight to write an abstraction layer for the old library's functionality.
你切换到另一个库(如果有的话)?这也是一项重大任务,有可能引入新的错误,特别是如果唯一的替代方案从不同的角度解决问题。即使您有远见为旧库的功能编写抽象层,这也是如此。
-
Do you roll your own? It probably ends up as less code than the old library, since you only write the parts you care about. It's therefore easier to maintain in the future. But now you've wasted days/weeks/months to produce something that is probably less functional, and is guaranteed to introduce tons of new bugs.
你自己滚吗?它可能最终会比旧库更少的代码,因为您只编写您关心的部分。因此,将来更容易维护。但是现在你已经浪费了几天/几周/几个月来生产可能功能较少的东西,并且保证会引入大量的新bug。
I realize the answer depends on the specific case: the size of the library, whether source is available, how maintainable it is, how much of it your code uses, how deeply your code relies on it, etc. I'm looking for answers across a range of cases. What are your experiences with this problem?
我意识到答案取决于具体情况:库的大小,源是否可用,可维护性,代码使用的程度,代码依赖程度等等,我正在寻找答案跨越一系列案例。你对这个问题有什么经验?
5 个解决方案
#1
Well, you've found one argument to lessen the number of external dependencies...
好吧,你找到了一个减少外部依赖数量的论据......
I've come across this in several Java projects I've audited; it seems people have a tendency to drop in a Jar found somewhere on the Web for the tiniest amount of reuse possible from it. The result is a mess of dependencies that ends up undermining the code base. I prefer to use external components sparingly.
我在几个我审计过的Java项目中遇到过这个问题;似乎人们倾向于放入网上某处找到的Jar,因为它可以从中获得最微小的重用。结果是一堆混乱的依赖,最终破坏了代码库。我更喜欢谨慎使用外部组件。
It's probably most useful to ask what you can do before. Make a point of evaluating the future lifetime of an external component before you start using it. Do some research on how large its developer community and its user community are. Also, prefer to use a component that has one or two "lesser" alternatives which you could also use.
询问你之前可以做什么可能是最有用的。在开始使用外部组件之前,请先评估外部组件的未来生命周期。对其开发者社区及其用户社区的规模进行一些研究。此外,更喜欢使用具有一个或两个“较小”替代品的组件,您也可以使用它。
If there's something you're tempted to use, but it has only one or two people working on it and isn't used much beyond their own project, then you should probably roll your own - or join forces with the maintainers of the component.
如果你有一些想要使用的东西,但它只有一两个人在使用它并且不会超出他们自己的项目,那么你应该自己动手 - 或者与组件的维护者联手。
#2
I think your really answer is in how do you select third party libraries to include in your code.
我认为您真正的答案是如何选择要包含在代码中的第三方库。
If you happen to like constantly upgrading your code to the latest version of the language then by default you can only use libraries that have active communities behind them
如果您喜欢不断将代码升级到最新版本的语言,那么默认情况下您只能使用在其后面有活动社区的库
In fact I would go as far as saying that the only time that you want to use a third party open source library is when the community behind it is large (say at least 40+ users) and it has undergone a few releases.
事实上,我会说,你想要使用第三方开源库的唯一时间是它背后的社区很大(比如至少有40多个用户)并且它已经经历了一些发布。
For a commercial library the same thing applies how long is the company going to be around and how many other clients use it.
对于商业图书馆来说,同样的事情适用于公司将要存在多长时间以及有多少其他客户使用它。
If you can't find a library in this position then ensure that you abstract the third party library out of your code so replacement isn't hard in the future.
如果您在此位置找不到库,请确保从代码中抽象出第三方库,以便将来更换。
#3
When the Java EE framework my employer chose went belly up, we went out and found a newer, better one. Fortunately Spring was available.
当我的雇主选择了Java EE框架时,我们走了出去,发现了一个更新,更好的框架。幸运的是Spring可用。
#4
We prefer to roll our own for that very reason. We end up with full control over it, full knowledge of how it works, and we can change it any way we want. When our ass is on the line when the blame game is played, we prefer to reduce the risk and do it ourselves.
出于这个原因,我们更愿意推出自己的产品。我们最终完全控制它,完全了解它的工作原理,我们可以随心所欲地改变它。当我们的屁股出现在指责游戏时,我们宁愿降低风险并自己动手。
We had a situation once where we did use an external library, and it got rewritten and repurposed by the author and no longer did what we expected. We rolled over that, wrote our own version, and continued safely.
我们曾经有过一次使用外部库的情况,它被作者重写并重新调整用途,不再符合我们的预期。我们推翻了这个,写了我们自己的版本,然后安全地继续。
The bottom line is safety, and minimization of risk.
最重要的是安全性和风险最小化。
#5
If the source is available, the licence is open and the library does the job really well, you have the option to fork the library. By doing this, you can also add new features to it. If the library has lots of things to fix and the code is a mess, it is better to find something else to work with.
如果源可用,许可证是打开的,并且库可以很好地完成工作,您可以选择分叉库。通过这样做,您还可以为其添加新功能。如果库有很多东西需要修复并且代码很乱,最好找一些其他的东西来处理。
#1
Well, you've found one argument to lessen the number of external dependencies...
好吧,你找到了一个减少外部依赖数量的论据......
I've come across this in several Java projects I've audited; it seems people have a tendency to drop in a Jar found somewhere on the Web for the tiniest amount of reuse possible from it. The result is a mess of dependencies that ends up undermining the code base. I prefer to use external components sparingly.
我在几个我审计过的Java项目中遇到过这个问题;似乎人们倾向于放入网上某处找到的Jar,因为它可以从中获得最微小的重用。结果是一堆混乱的依赖,最终破坏了代码库。我更喜欢谨慎使用外部组件。
It's probably most useful to ask what you can do before. Make a point of evaluating the future lifetime of an external component before you start using it. Do some research on how large its developer community and its user community are. Also, prefer to use a component that has one or two "lesser" alternatives which you could also use.
询问你之前可以做什么可能是最有用的。在开始使用外部组件之前,请先评估外部组件的未来生命周期。对其开发者社区及其用户社区的规模进行一些研究。此外,更喜欢使用具有一个或两个“较小”替代品的组件,您也可以使用它。
If there's something you're tempted to use, but it has only one or two people working on it and isn't used much beyond their own project, then you should probably roll your own - or join forces with the maintainers of the component.
如果你有一些想要使用的东西,但它只有一两个人在使用它并且不会超出他们自己的项目,那么你应该自己动手 - 或者与组件的维护者联手。
#2
I think your really answer is in how do you select third party libraries to include in your code.
我认为您真正的答案是如何选择要包含在代码中的第三方库。
If you happen to like constantly upgrading your code to the latest version of the language then by default you can only use libraries that have active communities behind them
如果您喜欢不断将代码升级到最新版本的语言,那么默认情况下您只能使用在其后面有活动社区的库
In fact I would go as far as saying that the only time that you want to use a third party open source library is when the community behind it is large (say at least 40+ users) and it has undergone a few releases.
事实上,我会说,你想要使用第三方开源库的唯一时间是它背后的社区很大(比如至少有40多个用户)并且它已经经历了一些发布。
For a commercial library the same thing applies how long is the company going to be around and how many other clients use it.
对于商业图书馆来说,同样的事情适用于公司将要存在多长时间以及有多少其他客户使用它。
If you can't find a library in this position then ensure that you abstract the third party library out of your code so replacement isn't hard in the future.
如果您在此位置找不到库,请确保从代码中抽象出第三方库,以便将来更换。
#3
When the Java EE framework my employer chose went belly up, we went out and found a newer, better one. Fortunately Spring was available.
当我的雇主选择了Java EE框架时,我们走了出去,发现了一个更新,更好的框架。幸运的是Spring可用。
#4
We prefer to roll our own for that very reason. We end up with full control over it, full knowledge of how it works, and we can change it any way we want. When our ass is on the line when the blame game is played, we prefer to reduce the risk and do it ourselves.
出于这个原因,我们更愿意推出自己的产品。我们最终完全控制它,完全了解它的工作原理,我们可以随心所欲地改变它。当我们的屁股出现在指责游戏时,我们宁愿降低风险并自己动手。
We had a situation once where we did use an external library, and it got rewritten and repurposed by the author and no longer did what we expected. We rolled over that, wrote our own version, and continued safely.
我们曾经有过一次使用外部库的情况,它被作者重写并重新调整用途,不再符合我们的预期。我们推翻了这个,写了我们自己的版本,然后安全地继续。
The bottom line is safety, and minimization of risk.
最重要的是安全性和风险最小化。
#5
If the source is available, the licence is open and the library does the job really well, you have the option to fork the library. By doing this, you can also add new features to it. If the library has lots of things to fix and the code is a mess, it is better to find something else to work with.
如果源可用,许可证是打开的,并且库可以很好地完成工作,您可以选择分叉库。通过这样做,您还可以为其添加新功能。如果库有很多东西需要修复并且代码很乱,最好找一些其他的东西来处理。