Vendoring is often considered an anti-pattern, for many reasons including the following
- extra source code space
- hard to track upstream changes
- loss of version control information.
But sometimes one has to counter an anti-pattern with a relatively safer anti-pattern.
I once faced an issue where a project I was working on depended on GDAL, python bindings of which had to manually be added to $PYTHONPATH in some cases, and rio-color which primarily exposed a command-line interface.
Now, one could get them working with os.system('{command}') but I had very less context on how securely gdal, rio-color, or rio-mucho (an internal dependency of rio-color) managed memory or processes.
So using os.system was risky and would be hard for someone to debug if there'd be issues.
With some extra work, i.e to look into GDAL's pansharpening binding script, and rio-color's cli interface I collected the necessary clients and
put them in felicette/utils/.
- gdal_pansharpen function calls
osgeo.gdalinternally, and takes the same argument as one would use with a CLI. - Since the project was to be used only for color correction, rio-color/scripts/cli.py was stripped and a shorter version is maintained here.
These vendored clients are used in the following places respectively.