[swift-evolution] [Review] SE-0145: Package Manager Version Pinning

Martin Waitz tali at admingilde.org
Thu Nov 3 02:07:48 CDT 2016


> On 03.11.2016 at 03:22, Daniel Duan <daniel at duan.org> wrote:
> 
> On Nov 2, 2016, at 3:46 PM, Martin Waitz via swift-evolution <swift-evolution at swift.org> wrote:
> 
>>> What is your evaluation of the proposal?
>> 
>> +1 for using reproducible versions of dependencies
>> -1 for the actual proposal
>> 
>> My problem with this proposal is that it tries to please everybody by introducing options everywhere.
>> We should just drop all these problems and design a system which works for all use-cases
>> without having to manually pin dependencies.
> 
> The second half of the sentence contradicts the first half. What if I need to only pin some of the dependencies, have the rest update automatically?

Also, we should be really careful with our naming.
For me, pin or lock means: don’t touch it, keep this version.

If your use-case really is to keep a specific version, then well you should specify that as a requirement in your dependencies.
Then add this information (together with some comment why you absolutely need that version) to your `Package.swift`.

I want reproducible checkouts and builds, but I don’t want to make people feel that versions are set in stone.
We should encourage frequent updates. So we should not lock versions, we should just track and manage them.

If a package is actively maintained, then the maintainer will care about updating and adapting to changed dependencies.
If the package is not maintained any more, then it will not be adapted to changed dependencies anyway.
In this case it does not help to randomly break the build of dependent packages.

The best way out is to give dependent package maintainers the power to:
 * get enough information to see that there is a problem with a dependency
 * get enough time to be able to act accordingly (without having to rush because builds are already breaking everywhere)

With proper management of dependency versions, we can provide that.
Think of it as the git equivalent in package management :-)

— Martin

