[swift-evolution] [Review] SE-0145: Package Manager Version Pinning

Daniel Duan daniel at duan.org
Thu Nov 3 11:36:31 CDT 2016 

> On Nov 3, 2016, at 1:02 AM, Goffredo Marocchi <panajev at gmail.com> wrote:
> 
> Could you specify that in the tag of the dependency you need? >= 3.0.0   vs   = 2.0.0  etc… 

That’s missing the point of pinning though. You can already do this in Package.swift. Pinning is, in a way, guarding against violation of semvar (in case some packages introduce breaking changes without bumping version).

> I am not sure why in some cases we need to be unique over state of the art like Cocoapods in some areas. What is the added value (not saying that there is none)?

You can combine mechanisms to get your desired policy: get “pin by default” by always running “pin —all” along side other build steps. The converse isn’t true: you cannot get automatically updated dependencies (often your internal packages) at install without changing and checking in Podfile.lock. This issue manifests even more if you try to not distribute Podfile.lock: you get one anyways after your first install, so you’d have to remember to remove it before the next install).

(I’m not criticizing the practice of pinning everything by default, just want to point out it’s not flexible for cases where it’s not flexible. No one should decide those cases for anyone!)

The value added is well explained in the proposal. Simply saying “Cocoapods is good enough, why don’t we copy it” isn’t very constructive and interesting to me.

> Sent from my iPhone
> 
>> On 3 Nov 2016, at 02:22, Daniel Duan via swift-evolution <swift-evolution at swift.org> wrote:
>> 
>> On Nov 2, 2016, at 3:46 PM, Martin Waitz via swift-evolution <swift-evolution at swift.org> wrote:
>> 
>>>> What is your evaluation of the proposal?
>>> 
>>> +1 for using reproducible versions of dependencies
>>> -1 for the actual proposal
>>> 
>>> My problem with this proposal is that it tries to please everybody by introducing options everywhere.
>>>>>> We should just drop all these problems and design a system which works for all use-cases
>>> without having to manually pin dependencies.
>> 
>> The second half of the sentence contradicts with the first half. What if I need to only pin some of the dependencies, have have the rest update automatically?
>> 
>> 
>> _______________________________________________
>> swift-evolution mailing list
>> swift-evolution at swift.org
>> https://lists.swift.org/mailman/listinfo/swift-evolution

More information about the swift-evolution mailing list