FOSSIL LOGIC DEPENDENCY POLICIES
I understand that external dependencies introduce risk, complexity, and potential legal exposure. Fossil Logic prioritizes independence, reliability, and minimal reliance on third-party software to ensure long-term stability, security, and legal compliance. These policies guide all dependency management decisions.
Minimal and Conservative Dependencies
Fossil Logic projects are designed to minimize reliance on external libraries or frameworks. Dependencies are included only when absolutely necessary for functionality, efficiency, or security. The goal is to maintain a small, predictable, and maintainable software footprint.
Vetting and Compliance
Any required third-party dependency is thoroughly reviewed for:
- License compatibility (favoring permissive licenses such as Apache 2.0)
- Security and stability
- Maintenance and support track record
Dependencies that introduce legal, operational, or security risks are avoided.
WrapDB and Meson-Managed Dependencies
For C and C++ projects, external dependencies are handled exclusively through Meson’s built-in WrapDB mechanism. Versions are pinned and documented to guarantee reproducibility and minimize unexpected changes or vulnerabilities.
Risk Avoidance
Dependencies that may create “long, boring, or terrifying” legal exposure—such as unclear licensing, export restrictions, or unmaintained code—are strictly prohibited. Fossil Logic assumes responsibility only for code under its direct control or clearly approved external dependencies.
Documentation and Transparency
All external dependencies, including versions, purpose, and license information, are documented. Clients and contributors can verify exactly what is included in every project to ensure clarity and accountability.
Continuous Monitoring and Review
Dependencies are reviewed regularly for security, updates, and continued necessity. Unnecessary or risky dependencies are removed promptly to maintain a clean, maintainable codebase.
Accountability
I take personal responsibility for the reliability, security, and legality of all dependencies in Fossil Logic projects. Independent, deterministic, and reproducible software is a core principle of disciplined engineering at Fossil Logic.
Why Policies Matter
By minimizing external dependencies, Fossil Logic reduces legal, security, and operational risk while maintaining stable, maintainable, and high-quality software. These policies support conservative, American-first engineering and protect both clients and the company from unforeseen issues.