Of course you should do this in any language. I once used a Ruby library that, when loaded, would try to connect to a database on a remote machine. Programs which required this library would take several seconds to display their --help output.
Because of that and similar incidents, I've learned to import argparse up front but nothing else unless necessary. Once argument parsing is done, then importing other modules begins.
> I once used a Ruby library that, when loaded, would try to connect to a database on a remote machine.
How is that at all acceptable? I can't believe that a library that phones home would gain any sort of popularity.
I can't say I know much of anything about the Ruby community, but if they've conditioned you to jump through hoops like importing modules at specific times to avoid delays, that is a serious problem. Conditional/delayed imports have their place, but they should be relatively rare.
Well, the "home" it was phoning was on the same network, so it wasn't a security issue, just a usability/performance one. This wasn't anything against the Ruby community--just an errant library written by one person who thought it would be more "convenient" if the database connection were established up front.
Out of curiosity, what would be better to handle the case of RVM?
It's explicitly user space software, and unprivileged user space software at that, so having it require admin interaction (i.e. touching the system package manager) to install seems like a sledgehammer where a flyswatter would do.
They could use a VCS repo of some kind, but that doesn't handle the various folder and script installs that need to happen - and also doesn't help if there isn't that specific VCS on the system.
Upstream security is less of a concern since that hotlink just points to raw code on Github, and over HTTPS no less.
So what are the negatives here? For software like RVM, this seems like the best, most portable solution that works for the most people.
It's nice to have the imports up front. Are you sure you can't give this special treatment to the modules that need it rather than doing it to literally all your dependencies?
Because of that and similar incidents, I've learned to import argparse up front but nothing else unless necessary. Once argument parsing is done, then importing other modules begins.