Comment by rootnod3
3 months ago
But that would lock me in to say whatever $debian provides. And some dependencies only exist as source because they are not packaged for $distribution.
Of course, if possible, just saying "hey, I need these dependencies from the system" is nicer, but also not error-free. If a system suddenly uses an older or newer version of a dependency, you might also run into trouble.
In either case, you run into either an a) trust problem or b) a maintenance problem. And in that scenario I tend to prefer option b), at least I know exactly whom to blame and who is in charge of fixing it: me.
Also comes down to the language I guess. Common Lisp has a tendency to use source packages anyway.
> If a system suddenly uses an older or newer version of a dependency, you might also run into trouble.
You won't. The user may. On his system.
Aware of that. So how is that different from any other Debian package? If you rely on a certain set of packages, you are always at the end at fault. You either trust a certain base or you vet it.