2018-02-20 11:39 GMT-08:00 Russ Cox <r...@golang.org>: > On Tue, Feb 20, 2018 at 2:35 PM, Devon H. O'Dell <devon.od...@gmail.com> > wrote: >> >> With regards to minimum version selection, if I depend on some feature >> present, this comes with two implicit dependencies: correctness and >> safety. My knee-jerk reaction here is that the time folks spend >> "telling the package manager, 'no, use at least Y,'" will largely be >> in response to these sorts of issues. Maybe this is seen as "working >> as intended;" my feeling is that this will become tiresome for >> projects with large dependency chains. Might it be worthwhile (and >> automatically possible) to pick the "maximally correct" minimum >> version? > > I am not sure what you mean by "maximally correct". > I think that's approximately what all the other package managers try to do. > It makes things very complex (literally: research.swtch.com/version-sat).
Thanks. I was thinking in terms of e.g. a "correctness counter" that could be published. If I depend on e.g. foo.Bar, I automatically want the least buggy version of foo.Bar. If foo.Bar appears in version 1, the amount of work required to find the least buggy version is directly proportional to the number of releases in which foo.Bar appears, and is annotated as having some correctness fix. I don't think this would necessarily be as complex as you point out in the referenced post: this is a property of an individual package. Of course, you want the same property for each package's dependencies, but that can be decided without conflict using the same methodology for each package. That is, I don't think there's a case for package X with a dependency on package Y where the minimum version can't be decided in linear time. Upon further thought, I realize folks will occasionally rely on particular forms of buggy behavior. I think that's probably fine if you can always require a specific version. However, it'd probably require some kinds of annotations on every portion of the API to work well: if I rely only on foo.Bar, and there's no dependency on foo.Bat which has a correctness change, that shouldn't leak into foo.Bar. That is probably an unreasonable amount of work to require from developers, so probably just ignore me :) --dho > Note that it's still super easy to say "update this package to latest" > or "update everything to latest". It just only happens when you ask, > not when the tool feels like it. > > Russ > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
