tengqm commented on PR #6271: URL: https://github.com/apache/gravitino/pull/6271#issuecomment-2599414930
From a long term perspective, we are really supposed to be cautious when introducing new dependencies. We may need to revisit our existing ones and see if those are necessary. Most modern software developed in Java, Python, Go, Rust etc have a messy graph of package dependencies. This is unavoidable, but still something we as a team should watch out. It is perfectly fine to introduce an external dependency when the benefits we gain from it is justified. But bear in mind, all of them are animals in our zoo, and we are gonna take care of it since the day it is incorporated. I'm too old-fashioned to appreciate this kind of wide-range dependencies, for fear of maintenance burden, supply chain attacks, upgrade efforts, to name a few. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@gravitino.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
