The Tempting Trap of Modifying Open Source Components
Sonatype Customer Success Engineer Adam Weinrich's session from the 2019 Nexus User Conference.
The modern software supply chain and Nexus insulate manufacturers from the component developer communities underlying their dependencies, but OSS component code is by definition freely modifiable, and modifying it is a reasonable path to consider. If you do change open source code, you may introduce significant complexity, technical debt, and legal obligations, and trap yourself in a state that is not worth the risk. We will explore the interesting background of these dynamics and outline the most common risks and pitfalls, along with ways to avoid, manage, and mitigate them in our Nexus workflow. We’ll review some user stories from the trenches of what worked and what didn’t.