On Monday, 2 February 2015 at 08:58:38 UTC, Joseph Rushton Wakeling wrote:
> Scenario: a dependency has a security hole that gets patched.
> If the dub package is updated, all applications using that dub
> package will automatically have that update available next time
> they are built.

Is that so? Won't a security fix entail a version bump, requiring
a change in the requirements file of the parent project? Also,
does Dub really check for updated versions of libraries online,
every time a project is built?

>> - When cloning repositories, dub does not preserve the
>> repository's directory name (so e.g. fruit will be cloned to
>> ~/.dub/fruit-1.0.0/).
>
> Necessary in order to maintain multiple versions of a package
> in order to satisfy different applications' dependencies,
> surely? You have a similar situation with different versions
> of shared libraries installed on any UNIX system.

No, it is not necessary. The directory layout could be
~/.dub/fruit-1.0.0/fruit/...