
This is an artifact of Google's policy to vendor every. single. dependency. Ironically, it makes building their stuff from source an absolute pain; if you think a vendored Python is bad, try building Android and post about it when it's done tomorrow.


I'm sure they're very interested in supply chain attacks for an operating system used by billions just to save you some time on your workstation at home.


There are ways to prevent malicious dependencies without having to vendor them.


That’s typical for embedded. Yocto and buildroot do everything from scratch too.



