1

What are your criteria for selection a (open source) library (or framework) for enterprise usage?

Some libraries are pretty small and can be easily checked for security flaws or tested for performance. But most libraries are too big to be reviewed before you can start to use them.

When I think of me selecting a library, most if the selection process is just gut feeling. When I try to be more specific, these are the first criteria which come to my mind:

  1. How many developers are working on the project? My feeling is that more developers will find more bugs and security issues. In addition it will be harder to introduce security issues intentionally.
  2. How good is the support? Compared to closed source libraries, I've got the feeling that the support of open source is often much better since you have a community around the globe which will be available whenever you need them.
  3. How wide spread is the library? Are there any books about it on the market? Which other projects are using the library?

What are your criteria? Feel free to edit this note as community wiki.

4

2 回答 2

1

对我来说,这取决于是否付费。就您而言,您给人的印象是您正在查看开源库。

在这种特定情况下,我将查看测试覆盖率。不管贡献者有多少,如果没有任何我可以自己运行的单元测试(以及增强和测试我的用例是否超出所提供的单元测试的覆盖范围),那么这对于我来说是一个大问题我。

并不是说我不欣赏在提供库方面已经完成的工作,而是像这样的项目中的代码应该已经具有良好覆盖率的单元测试,以便获得牵引力。

如果没有库有单元测试,那么我会开始在搜索引擎上搜索库,积极寻找否定回复。那些对代码有负面感觉并且可以根据代码如何使他们失败来明确这些感觉的客观基础的人将提供比说“它很好用”的大众更有价值的反馈。

现在对于一段商业代码,情况就完全不同了。那时,我会开始将公司及其支持人员视为一个整体,并以此作为决定(以及您自己的测试以查看图书馆是否适合您)是否使用该公司的产品。

于 2009-12-23T19:53:52.887 回答
1

在开源库中,您经常无法获得可靠的支持。在这种情况下,您最好自己修复它,这涉及以下要求。

  1. 你需要有能力阅读经常杂乱无章的代码。
  2. 从正确的人那里提出正确问题的技术能力——也就是说,这些人没有得到报酬来解决问题,他们只有在你让他们足够容易的情况下才会回答你。
  3. 然后,您需要能够修复错误并让补丁被接受——因为如果补丁不被接受......

考虑到这一点,我倾向于购买商业图书馆或双重许可图书馆,这样我就可以花钱请一位称职的工程师(受我付给他公司的钱的激励)来解决我的问题。

于 2009-12-23T20:11:22.860 回答