[swift-build-dev] [swift-evolution] Proposal: Package Manager Version Pinning

Eloy Durán eloy.de.enige at gmail.com
Fri Oct 14 18:45:35 CDT 2016

>> [...]
>> I see it as my responsibility to know exactly what code I’m pulling into my package. In my view, it’s absolutely unsafe to trust other people’s code. Even when they mean no harm, trusting them to properly apply SemVer is the same issue.
> maybe we should have the tooling support that? Elm does try to enforce correct semantic versioning. Maybe swift-pm should do that too?
> See http://elm-lang.org :
> <quote>
> Enforced Semantic Versioning
> Elm can detect all API changes automatically thanks to its type system. We use that information to force everything in our package catalog to follow semantic versioning precisely. No more surprises in PATCH releases!
> </quote>
> I have no idea how well it works but if we'll end up relying on proper semantic versioning, tool support sounds like a good idea to me.

This is what I was referring to when I mentioned that automation can only take you so far. It is easily possible to do a patch release where the API might not change, but the semantics of the code does.

In my opinion, it requires human judgement to determine if a change is really something you can trust. Trusting SemVer for that is going to lead to problems, and making people think that they can is just misleading in my book.

Not saying you can’t have tools to help guide choosing versions, though.
