(Replying instead of making this part of the initial post, to keep the
"questions part" separate from my and other people's answers.)
> What are the problems?
> Can we turn them into tasks?
> How to we complete the tasks?
Here's my stab at this.
Fragile downloads
-----------------
Problem: External dependencies are typically downloaded from another
website, which may be offline or unreachable.
Solution: Upload all dependencies into the GitHub repository. Either as
separate repositories, or into a subdirectory of the main repo. Both
ways would work, the workflows and standard git commands would be
slightly different.
We would need to adapt the build process to avoid packing the
dependencies into the installable bundle. (Or maybe we actually want
them in. It's something that can be decided upon.)
Severity: Critical. We're already being bitten for the few external
dependencies that we have.
Unreliable libraries
--------------------
Problem: It is hard to assess the quality of a library without actually
using it. Backing out of using a library is more work than adding it in,
to projects tend to accumulate dependencies on crappy libraries over time.
Solution: Require that each and every assumption about a library's
behaviour is documented in a test in SymPy before we allow it to go in.
New PRs that use parts of the library need to be checked whether they
use a new aspect of the library, and have a test added if not.
Be very, very, very reluctant about adding new libraries.
Severity: Zero on the short term, critical on the long term.
Library versionitis
-------------------
Problem: We cannot test all combinations of all versions of all used
libraries. (We don't even manage to do that for our existing set of
dependencies.)
Solution: Again, tests for all aspects of all libraries that we use.
Also, define a list of versions that we have tested. Run our tests
against all versions. Subscribe the SymPy mailing list to the release
mailing lists for all external dependencies; each of them should be
turned into a GitHub issue to run the test suite against the new
version, fix any problems that we find, and extend the list of supported
versions.
Never add a library that we aren't confident we can run it through this
procedure within the week or so. (We need to be really thorough with our
tests to reach that level of confidence.)
If it comes to the worst (external library develops into something that
doesn't benefit us anymore), we can fork the latest-known-working
version of the library and either set up a forked project, or integrate
the fork in source form into SymPy.
Severity: Medium.
More time spent on trade-offs
-----------------------------
Problem: Being more open to external dependencies means we have a large
overhead for automatic testing.
It also means more decisions about whether we want a specific external
library or not.
Solution: Adding a new external dependency carries more-or-less the same
implications as adding a new subsystem to SymPy: It's a large piece of
code that we need to integrate, we need lots of tests, we need to commit
to maintaining it (the code itself if subsystem, the interface code and
tests if external library).
We simply need to weigh the advantages of the stuff that the library
brings against the disadvantages of having to maintain the interface,
the tests, and keeping up with the versions against the advantages of
not having to deal with some particular library.
Severity: Low, we're already dealing with this kind of stuff.