When is it (not) appropriate to bundle dependencies with an application?

Question

Summary

I recently had a conversation with the creator of a framework that one of my applications depends on. During that conversation he mentioned as

Answer 1

An important point seems to have been forgotten in the Cons of bundling libraries/frameworks/etc with the application: security updates.

Most Web frameworks are full of security holes and require frequent patching. Any library, anyway, may have to be upgraded one day or the other for a security bug.

If you do not bundle, sysadmins will just upgrade one copy of the library and restart depending applications.

If you bundle, sysadmins will probably not even know they have to upgrade something.

So, the issue with bundling is not the disk space, it's the risk of letting old and dangerous copies around.