 

Keeping Track of Dependent Third-party Library Releases

I am building a web application that is dependent upon several third-party libraries. What is a good strategy for making sure that you're always using the most fully patched versions? A simple method would be to keep the versions written down and visit the websites at regular intervals, but I am looking for some way to get the information 'pushed' to me if possible, like an aggregation service so I can see things at a glance. I figured that there might be others out there who have needed to do the same thing and have worked out a good solution.

Here are a few libraries I am using:

  1. Zend Framework
  2. jQuery
  3. HTMLPurifier
  4. Markdownify
  5. InnovaStudio WYSIWYG Editor
  6. Fancybox
  7. MojoZoom
Sonny asked Dec 28 '22 23:12


2 Answers

"A simple method would be to keep the versions written down and visit the websites at regular intervals,"

Good idea.

"but I am looking for some way to get the information 'pushed' to me if possible."

Potentially a bad idea.

The issue is one of confirming mutual compatibility. Open Source software requires a huge integration effort.

You must validate each update of each third-party package against your application. Having information "pushed" to you doesn't help you do the validation or testing. It only tells you that you "should" do something. Since you can't simply drop everything and test every time something is updated, you have to do something like the following.

  1. Pick a schedule. Monthly, for example.

  2. Check all your packages for release notes.

  3. Download updates you think might be interesting. I.e., they fix bugs you have. Or they patch security holes you didn't know you have.

  4. Test.

If everything works, you have an update to your application. If things don't work, you have debugging to plan for and then do.

S.Lott answered Dec 31 '22 14:12


Do they have version control repositories? If so, your problem is solved by pulling from their respective VCSs.

Pierre-Antoine LaFayette answered Dec 31 '22 14:12
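An added example, not code from the question or from either answer, that combines the two answers above: S.Lott's scheduled "check release notes, then decide, then test" routine and Pierre-Antoine's suggestion to watch each project's version control. It keeps a manifest of the versions actually deployed and compares it with the tag feeds the projects publish, producing a to-do list for the review rather than downloading anything. The library names come from the question; the version numbers, the feed contents, the manifest format and all function names are constructed for the example and are not the real release history of these projects.

```python
import re
import xml.etree.ElementTree as ET

ATOM_NS = {"a": "http://www.w3.org/2005/Atom"}
VERSION_RE = re.compile(r"(\d+(?:\.\d+)+)")

# Versions actually deployed in the application (constructed sample data,
# not the real release history of these projects).
MANIFEST = {
    "jquery": "1.4.2",
    "htmlpurifier": "4.1.1",
    "fancybox": "1.3.1",
}

# Constructed Atom documents in the shape of a VCS tag feed, one <entry> per
# tag, standing in for fetching each project's feed over the network.
SAMPLE_FEEDS = {
    "jquery": """<feed xmlns="http://www.w3.org/2005/Atom">
  <entry><title>1.4.4</title><updated>2010-11-11T00:00:00Z</updated></entry>
  <entry><title>1.4.3</title><updated>2010-10-16T00:00:00Z</updated></entry>
  <entry><title>1.4.2</title><updated>2010-02-19T00:00:00Z</updated></entry>
</feed>""",
    "htmlpurifier": """<feed xmlns="http://www.w3.org/2005/Atom">
  <entry><title>v4.1.1</title><updated>2010-05-31T00:00:00Z</updated></entry>
  <entry><title>v4.1.0</title><updated>2010-05-28T00:00:00Z</updated></entry>
</feed>""",
    "fancybox": """<feed xmlns="http://www.w3.org/2005/Atom">
  <entry><title>Release 1.3.4</title><updated>2010-11-11T00:00:00Z</updated></entry>
  <entry><title>Release 1.3.1</title><updated>2010-03-20T00:00:00Z</updated></entry>
</feed>""",
}


def parse_version(text):
    """Extract a dotted version from a tag title ('v1.3.4', 'Release 1.3.4').

    Returns a tuple of ints so that (1, 4, 10) > (1, 4, 9), which a plain
    string comparison would get wrong. None when no version is present.
    """
    m = VERSION_RE.search(text)
    if m is None:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def versions_from_feed(xml_text):
    """Return the set of version tuples found in the feed's entry titles."""
    root = ET.fromstring(xml_text)
    found = set()
    for entry in root.findall("a:entry", ATOM_NS):
        title = entry.findtext("a:title", default="", namespaces=ATOM_NS)
        v = parse_version(title)
        if v is not None:
            found.add(v)
    return found


def check_updates(manifest, feeds):
    """Compare pinned versions with the feeds and report what needs attention.

    Returns a dict: library -> one of
      ("current", pinned)                   pinned version is the newest seen
      ("update-available", pinned, latest)  a newer tag exists; test before adopting
      ("unknown", pinned)                   feed missing or unparsable; check by hand
    Nothing is downloaded or changed: the output is the worklist for the
    scheduled review, not an automatic upgrade.
    """
    report = {}
    for lib, pinned_text in manifest.items():
        pinned = parse_version(pinned_text)
        xml_text = feeds.get(lib)
        if pinned is None or xml_text is None:
            report[lib] = ("unknown", pinned_text)
            continue
        try:
            seen = versions_from_feed(xml_text)
        except ET.ParseError:
            report[lib] = ("unknown", pinned_text)
            continue
        newer = [v for v in seen if v > pinned]
        if newer:
            latest = ".".join(str(p) for p in max(newer))
            report[lib] = ("update-available", pinned_text, latest)
        else:
            report[lib] = ("current", pinned_text)
    return report


if __name__ == "__main__":
    for lib, status in sorted(check_updates(MANIFEST, SAMPLE_FEEDS).items()):
        print(lib, *status)
```

Run on the schedule S.Lott describes (a monthly cron entry is enough), and treat every "update-available" line as a prompt to read the release notes and test, not as permission to deploy. Entries marked "unknown" are the ones that silently drift out of date when a project moves its feed or stops tagging, so they deserve a manual look each cycle.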