On Tue, Jun 20, 2017 at 10:18 AM, Stefan Bodewig <bode...@apache.org> wrote:
> > Interesting. This means OSGi only provides a way for consumers to say > which version of an API they want, but not which implementation. This means > as a consumer you can't say "I want version 1.19 of Compress because I know > it contains an important fix". This feels more limited in expressiveness > than I had expected. > Bundles can specify all sorts of Requirements, including implementations, and bugfix version ranges (by default, the bugfix component is not specified in the lower bound, but that is just a default). It can be a little too expressive :-) If a new version becomes available, it can often be swapped in dynamically (e.g. when using Declarative Services (née Felix SCR) with Greedy dynamic reference, an inject service will be replaced whenever a newer version is available). For more on updating and refreshing bundles see: https://stackoverflow.com/questions/4330927/how-does-osgi-bundle-update-work I do feel that it ought to be possible to have more aggressive updates for critical (security) release, though that's a little orthogonal to the version range issue.