On 22-06-15 15:52, Yuriy Tymchuk wrote:
> What if I don’t want something to change without my knowledge?

That is something you cannot afford with current tooling.
You can create a snapshot of all package versions, and calculate
an MD5 over all method versions. You cannot afford to do that for
every change, but you can do that for important situations.
Working software is more important than absolute reproducibility.
If you use numbered versions in your dependencies, you break
software. In practice. All the time. Because nobody can afford to
change versions at the sum rate of all changes of its dependencies.
So that doesn't happen.

Peter wrote:
> Wasn't there a discussion about versioning last week?

Yes there was.

> Dependency hell might make it harder to upgrade (especially if
> no meaningful system is employed), but depending on #stable
> is a great way to have your project broken at random. Only a dead
> project has a stable API.

That is a separate issue, take a look at the discussion.
A dependency needs to be on a symbolic version,
and if the API changes in a breaking way that should be reflected
there.
Stephan