Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mstdn.ca/users/gatesvp/statuses/112052978864679567">Gaëtan Perrault (gatesvp@mstdn.ca)'s status on Thursday, 07-Mar-2024 17:15:46 JST</a><a href="https://mstdn.ca/@gatesvp" title="gatesvp@mstdn.ca"><img src="https://gnusocial.jp/avatar/111265-48-20230415210533.webp" width="48" height="48" alt="Gaëtan Perrault" style="position: absolute; left: 0; top: 0;">Gaëtan Perrault</a><div><a href="https://mstdn.ca/@gatesvp/112052950803444051" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/202140" title="functionalscript@techhub.social">Sergey Shandar</a></li></ul></div></section><article><p><a href="https://techhub.social/@functionalscript" rel="nofollow noreferrer">@functionalscript</a> <a href="https://fosstodon.org/@nzakas" rel="nofollow noreferrer">@nzakas</a> </p><p>Now you're not referencing main/HEAD, but you also know exactly what you're getting. Build system can cache those values. </p><ul><li>You get to control the upgrade cycle for your dependencies</li><li>You can roll back these upgrades </li><li>You get an auditable trail of what's in Production</li><li>You can run verification tools to ensure that the versions you use meet your security standards</li></ul><p>Other people's repos don't come with warranties, so you need to build your own assurances... /3</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2796318#notice-5549267">In conversation</a><time datetime="2024-03-07T17:15:46+09:00" title="Thursday, 07-Mar-2024 17:15:46 JST">Thursday, 07-Mar-2024 17:15:46 JST</time> <span>from <span><a href="https://mstdn.ca/@gatesvp/112052978864679567" rel="external" title="Sent from mstdn.ca via ActivityPub">mstdn.ca</a></span></span><a href="https://mstdn.ca/@gatesvp/112052978864679567">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Gaëtan Perrault (gatesvp@mstdn.ca)'s status on Thursday, 07-Mar-2024 17:15:46 JSTGaëtan Perrault
in reply to
- Nicholas C. Zakas
- Sergey Shandar
@functionalscript @nzakas
Now you're not referencing main/HEAD, but you also know exactly what you're getting. Build system can cache those values.
- You get to control the upgrade cycle for your dependencies
- You can roll back these upgrades
- You get an auditable trail of what's in Production
- You can run verification tools to ensure that the versions you use meet your security standards
Other people's repos don't come with warranties, so you need to build your own assurances... /3
In conversationThursday, 07-Mar-2024 17:15:46 JST from mstdn.capermalink

Public

Embed Notice

HTML Code

Corresponding Notice