Hello all, occasionally there are build issues¹ with third-party dependencies. Some of these can be attested to the fact that Ledger has infrequently updated the minimum required version of its dependencies.
According to the README Ledger specifies the following version requirements for its dependencies (I took the liberty to add columns for age, release date, latest version, and latest release date for comparison): Required | Version | | Release || Latest | Release Dependency | (or greater) | Age | Date || Version | Date ------------|--------------|----------|--------- ||-------- |--------- [CMake] | 3.0.0 | 4 years | Dec 2018 || 3.5.2 | Jan 2023 [Boost] | 1.49 | 11 years | Feb 2012 || 1.81.0 | Dec 2022 [GMP] | 4.2.2 | 16 years | Sep 2007 || 6.2.1 | Nov 2020 [MPFR] | 2.4.0 | 14 years | Jan 2009 || 4.2.0 | Jan 2023 [utfcpp] | 2.3.4 | 8 years | Sep 2015 || 3.2.3 | Dec 2022 Optional | Version | | Release || Latest | Release Dependency | (or greater) | Age | Date || Version | Date ------------|--------------|----------|----------||---------|---------- [Python] | 3.9 | ~3 years | Oct 2020 || 3.11 | Oct 2022 [gettext] | 0.17 | 16 years | Nov 2007 || | Jul 2020 [libedit] | 20090111-3.0 | 14 years | Sep 2009 || 20221030-3.1. | Oct 2022 [doxygen] | 1.5.7.1 |>13 years | Unknown || 1.9.6 | Dec 2022 [graphviz] | 2.20.3 | >2 years | Unknown || 7.1.0 | Jan 2023 [texinfo] | 4.13 | 15 years | Sep 2008 || 7.0.2 | Jan 2023 [lcov] | 1.6 | ? years | Uknown || 1.16 | Jun 2022 [sloccount] | 2.26 | ? years | Uknown || Same | Same I believe there is value in deciding how old the minimum required version for a dependency should be, so that dependencies can be updated regularly and code handling compatibility for outdated dependencies is removed and does not accumulate over time. This allows to gradually adapt to dependencies deprecating API rather than last minute when breaking change is (about to be) introduced by one of Ledger's dependencies. A conservative approach—possibly maintaining overly high backwards compatibility—could be to decide that once a year Ledger's dependencies are updated to the latest version of each dependency that is 4 years old. A more progressive approach—likely to still maintain a high backwards compatibility—is to update each dependency to the latest version that is 2 years old My very first take on this is #2194² which changes CMake's minimum required version to 3.12.0 (released over 4 years ago in Nov 2018). If the more progressive approach would be taken for the #2194 PR CMake could be upgraded to version 3.19. This would break support for Debian stable³ as it offers version 3.18, hence it seems CMake 3.18 is a better option as it is a good compromise between recency and backwards compatibility. I'd love to hear your thoughts, especially if you contribute to Ledger or maintain a distribution port. Best Alexis ¹ https://github.com/ledger/ledger/issues?q=is%3Aissue+boost+is%3Aclosed ² https://github.com/ledger/ledger/pull/2194 ³ https://packages.debian.org/bullseye/cmake) Release Pages: CMake https://github.com/Kitware/CMake/releases/ Boost https://sourceforge.net/projects/boost/files/boost-binaries/ GMP https://gmplib.org/download/gmp/ MPFR https://www.mpfr.org/history.html utfcpp https://github.com/nemtrif/utfcpp/releases Python https://www.python.org/downloads/ gettext https://ftp.gnu.org/pub/gnu/gettext doxygen https://github.com/doxygen/doxygen/releases https://sourceforge.net/projects/doxygen/files/ graphviz https://www.graphviz.org/download/source/ lcov https://github.com/linux-test-project/lcov.git libedit https://thrysoee.dk/editline/ Texinfo https://ftp.gnu.org/gnu/texinfo/ -- --- You received this message because you are subscribed to the Google Groups "Ledger" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ledger-cli/20230214100228.qmi4nrtqrglnlzsj%40kei.local.
