>> I see it as my responsibility to know exactly what code I’m pulling into my
>> package. In my view, it’s absolutely unsafe to trust other people’s code.
>> Even when they mean no harm, trusting them to properly apply SemVer is the
>> same issue.
> maybe we should have the tooling support that? Elm does try to enforce
> correct semantic versioning. Maybe swift-pm should do that too?
> See http://elm-lang.org :
> Enforced Semantic Versioning
> Elm can detect all API changes automatically thanks to its type system. We
> use that information to force everything in our package catalog to follow
> semantic versioning precisely. No more surprises in PATCH releases!
> I have no idea how well it works but if we'll end up relying on proper
> semantic versioning, tool support sounds like a good idea to me.
This is what I was referring to when I mentioned that automation can only take
you so far. It is easily possible to do a patch release where the API might not
change, but the semantics of the code does.
In my opinion it requires human judgement to determine if a change is really
something you can trust. Trusting SemVer for that is going to lead to problems
and making people think that they can is just misleading in my book.
Not saying you can’t have tools to help guide choosing versions, though.
swift-evolution mailing list