Consider using your webserver to configure your environment specific variables for you. See: For example you could define your database connection via environment variables, keeping your DB host, port, username, and password out of version control completely. Some organizations even require this sort of deployment due to regulations and controls. This avoids the step of symlinking or copying a configuration entirely. If I defined an environment variable in Apache2 with the name of `DB_NAME` I could access it via the $_SERVER superglobal array. Some frameworks offer a transparent way to configure this like Symfony2

I prefer to link dependancies when possible (GIT submodules ETC), but always have a way of accessing this code if you do not control the repository you are linking to. What is to stop the package manager running git:// from removing your access to his repository? Or what happens when goes down for unforeseen reasons? Always have a contingency for these cases.