Storing third-party libraries in source control

version-control

Solution 1:

store everything you will need to build the project 10 years from now.I store the entire zip distribution of any library, just in case

Edit for 2017: This answer did not age well:-). If you are still using something old like ant or make, the above still applies. If you use something more modern like maven or graddle (or Nuget on .net for example), with dependency management, you should be running a dependency management server, in addition to your version control server. As long as you have good backups of both, and your dependency management server does not delete old dependencies, you should be ok. For an example of a dependency management server, see for example Sonatype Nexus or JFrog Artifcatory, among many others.

Solution 2:

As well as having third party libraries in your repository, it's worth doing it in such a way that makes it easy to track and merge in future updates to the library easily (for example, security fixes etc.). If you are using Subversion using a proper vendor branch is worthwhile.

If you know that it'd be a cold day in hell before you'll be modifying your third party's code then (as @Matt Sheppard said) an external makes sense and gives you the added benefit that it becomes very easy to switch up to the latest version of the library should security updates or a must-have new feature make that desirable.

Also, you can skip externals when updating your code base saving on the long slow load process should you need to.

@Stu Thompson mentions storing documentation etc. in source control. In bigger projects I've stored our entire "clients" folder in source control including invoices / bills/ meeting minutes / technical specifications etc. The whole shooting match. Although, ahem, do remember to store these in a SEPARATE repository from the one you'll be making available to: other developers; the client; your "browser source view"...cough... :)

Solution 3:

Don't store the libraries; they're not strictly speaking part of your project and uselessy take up room in your revision control system. Do, however, use maven (or Ivy for ant builds) to keep track of what versions of external libraries your project uses. You should run a mirror of the repo within your organisation (that is backed up) to ensure you always have the dependencies under your control. This ought to give you the best of both worlds; external jars outside your project, but still reliably available and centrally accessible.

Solution 4:

We store the libraries in source control because we want to be able to build a project by simply checking out the source code and running the build script. If you aren't able to get latest and build in one step then you're only going to run into problems later on.

Related

Update Android SDK Tool to 22.0.4(Latest Version) from 22.0.1
element with the max height from a set of elements
Django - How to make a variable available to all templates?
Creating a Prompt/Answer system to input data into R
Recommended JavaScript HTML template library for JQuery? [closed]
catch on swipe to dismiss event
Windows PowerShell: changing the command prompt
Configuring Permissions for FTP and Apache
Entity Framework Code First Date field creation
How to join entries in a set into one string?
How can I hide the header of a WPF ListView?
How to capitalize the first character of each word, or the first character of a whole string, with C#?