12
Is it bad form to patch a dependency?
(programming.dev)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 01 Apr 2026
12 points (100.0% liked)
Programming
26399 readers
355 users here now
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
- Follow the programming.dev instance rules
- Keep content related to programming in some way
- If you're posting long videos try to add in some form of tldr for those who don't want to watch videos
Wormhole
Follow the wormhole through a path of communities !webdev@programming.dev
founded 2 years ago
MODERATORS
This would depend on the language/ecosystem. It's worse for C and C++ than for example Rust because of packaging policies and ease of distributability.
Hmmm, it's C++
If the dependency static links the library and doesn't use structs or classes defined in it for its interface then it is fine. If either of those are not true it is asking for trouble
Then you could be forced to vendor everything. And if it's open-source and relevant for distros to pickup, then you will need to find out if distros would be willing to take your library with its vendored libs (or package them separately just for your library)...etc.
And you may need to figure out if there are bus factor concerns with your direct dependency, since such libraries are not necessarily maintenance free, even from a mere compiling/building stand point (what if a patched indirect dependency no longer builds with new compilers...etc).